osso 0.0.3.4 → 0.0.3.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (91) hide show
  1. checksums.yaml +4 -4
  2. data/.buildkite/pipeline.yml +6 -1
  3. data/.rubocop.yml +1 -2
  4. data/Gemfile.lock +5 -1
  5. data/bin/annotate +1 -0
  6. data/bin/console +4 -3
  7. data/config/database.yml +2 -2
  8. data/db/schema.rb +90 -1
  9. data/lib/osso.rb +1 -0
  10. data/lib/osso/db/migrate/20200328143305_create_identity_providers.rb +12 -0
  11. data/lib/osso/db/migrate/20200411184535_add_provider_id_to_users.rb +2 -2
  12. data/lib/osso/db/migrate/20200411192645_create_enterprise_accounts.rb +1 -1
  13. data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_accounts_and_identity_providers.rb +6 -0
  14. data/lib/osso/db/migrate/20200714223226_add_identity_provider_service_enum.rb +17 -0
  15. data/lib/osso/db/migrate/20200715154211_rename_idp_fields_on_identity_provider_to_sso.rb +6 -0
  16. data/lib/osso/db/migrate/20200715205801_add_name_to_enterprise_account.rb +5 -0
  17. data/lib/osso/db/migrate/20200722230116_add_identity_provider_status_enum_and_use_on_identity_providers.rb +15 -0
  18. data/lib/osso/db/migrate/20200723153750_add_missing_timestamps.rb +35 -0
  19. data/lib/osso/db/migrate/20200723162228_drop_unneeded_tables.rb +9 -0
  20. data/lib/osso/graphql/mutation.rb +5 -2
  21. data/lib/osso/graphql/mutations.rb +5 -1
  22. data/lib/osso/graphql/mutations/base_mutation.rb +24 -7
  23. data/lib/osso/graphql/mutations/configure_identity_provider.rb +19 -13
  24. data/lib/osso/graphql/mutations/create_enterprise_account.rb +25 -0
  25. data/lib/osso/graphql/mutations/create_identity_provider.rb +9 -7
  26. data/lib/osso/graphql/mutations/create_oauth_client.rb +30 -0
  27. data/lib/osso/graphql/mutations/delete_enterprise_account.rb +34 -0
  28. data/lib/osso/graphql/mutations/delete_oauth_client.rb +30 -0
  29. data/lib/osso/graphql/query.rb +2 -2
  30. data/lib/osso/graphql/resolvers/oauth_clients.rb +2 -2
  31. data/lib/osso/graphql/schema.rb +5 -1
  32. data/lib/osso/graphql/types.rb +2 -0
  33. data/lib/osso/graphql/types/base_input_object.rb +10 -0
  34. data/lib/osso/graphql/types/base_object.rb +2 -0
  35. data/lib/osso/graphql/types/enterprise_account.rb +5 -5
  36. data/lib/osso/graphql/types/identity_provider.rb +6 -13
  37. data/lib/osso/graphql/types/identity_provider_service.rb +1 -1
  38. data/lib/osso/graphql/types/identity_provider_status.rb +14 -0
  39. data/lib/osso/graphql/types/oauth_client.rb +13 -1
  40. data/lib/osso/helpers/auth.rb +16 -15
  41. data/lib/osso/lib/app_config.rb +1 -1
  42. data/lib/osso/lib/route_map.rb +28 -0
  43. data/lib/osso/models/access_token.rb +18 -0
  44. data/lib/osso/models/authorization_code.rb +20 -0
  45. data/lib/osso/models/enterprise_account.rb +24 -4
  46. data/lib/osso/models/identity_provider.rb +77 -0
  47. data/lib/osso/models/models.rb +3 -1
  48. data/lib/osso/models/oauth_client.rb +19 -3
  49. data/lib/osso/models/redirect_uri.rb +17 -0
  50. data/lib/osso/models/user.rb +25 -3
  51. data/lib/osso/routes/admin.rb +18 -15
  52. data/lib/osso/routes/auth.rb +30 -27
  53. data/lib/osso/routes/oauth.rb +50 -45
  54. data/lib/osso/version.rb +1 -1
  55. data/osso-rb.gemspec +3 -3
  56. data/spec/factories/enterprise_account.rb +5 -4
  57. data/spec/factories/identity_providers.rb +71 -0
  58. data/spec/factories/user.rb +1 -1
  59. data/spec/graphql/mutations/configure_identity_provider_spec.rb +75 -0
  60. data/spec/graphql/mutations/create_enterprise_account_spec.rb +68 -0
  61. data/spec/graphql/mutations/create_identity_provider_spec.rb +104 -0
  62. data/spec/graphql/mutations/create_oauth_client_spec.rb +55 -0
  63. data/spec/graphql/mutations/delete_enterprise_account_spec.rb +63 -0
  64. data/spec/graphql/mutations/delete_oauth_client_spec.rb +51 -0
  65. data/spec/graphql/query/enterprise_account_spec.rb +68 -0
  66. data/spec/graphql/query/enterprise_accounts_spec.rb +44 -0
  67. data/spec/graphql/query/identity_provider_spec.rb +65 -0
  68. data/spec/graphql/query/oauth_clients_spec.rb +50 -0
  69. data/spec/models/azure_saml_provider_spec.rb +14 -14
  70. data/spec/models/identity_provider_spec.rb +17 -0
  71. data/spec/models/okta_saml_provider_spec.rb +15 -15
  72. data/spec/routes/admin_spec.rb +2 -0
  73. data/spec/routes/auth_spec.rb +9 -9
  74. data/spec/routes/oauth_spec.rb +1 -1
  75. data/spec/spec_helper.rb +4 -5
  76. data/spec/support/spec_app.rb +9 -0
  77. metadata +47 -16
  78. data/lib/osso/db/migrate/20200328143303_create_oauth_tables.rb +0 -57
  79. data/lib/osso/db/migrate/20200411144528_create_saml_providers.rb +0 -13
  80. data/lib/osso/db/migrate/20200413153029_add_oauth_client_reference_to_saml_providers.rb +0 -5
  81. data/lib/osso/db/migrate/20200501203026_drop_null_constraints_from_saml_provider.rb +0 -7
  82. data/lib/osso/db/migrate/20200501204047_drop_acs_url.rb +0 -5
  83. data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_account.rb +0 -5
  84. data/lib/osso/db/migrate/20200601131227_drop_null_constraint_from_saml_providers_provider.rb +0 -7
  85. data/lib/osso/db/schema.rb +0 -132
  86. data/lib/osso/graphql/mutations/set_saml_provider.rb +0 -27
  87. data/lib/osso/models/saml_provider.rb +0 -52
  88. data/lib/osso/models/saml_providers/azure_saml_provider.rb +0 -22
  89. data/lib/osso/models/saml_providers/okta_saml_provider.rb +0 -23
  90. data/spec/factories/saml_providers.rb +0 -46
  91. data/spec/models/saml_provider_spec.rb +0 -31
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Osso
4
- VERSION = '0.0.3.4'
4
+ VERSION = '0.0.3.9'
5
5
  end
@@ -2,6 +2,7 @@
2
2
 
3
3
  require_relative 'lib/osso/version'
4
4
 
5
+ # rubocop:disable Metrics/BlockLength
5
6
  Gem::Specification.new do |spec|
6
7
  spec.name = 'osso'
7
8
  spec.version = Osso::VERSION
@@ -27,15 +28,14 @@ Gem::Specification.new do |spec|
27
28
  spec.add_runtime_dependency 'sinatra-activerecord'
28
29
  spec.add_runtime_dependency 'sinatra-contrib'
29
30
 
31
+ spec.add_development_dependency 'annotate', '~> 3.1'
30
32
  spec.add_development_dependency 'bundler', '~> 2.1'
31
33
  spec.add_development_dependency 'pry'
32
34
 
33
- # Specify which files should be added to the gem when it is released.
34
- # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
35
35
  spec.executables = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
36
36
  spec.files = `git ls-files`.split("\n")
37
37
  spec.test_files = `git ls-files -- {spec}/*`.split("\n")
38
38
  spec.bindir = 'bin'
39
- spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
40
39
  spec.require_paths = ['lib']
41
40
  end
41
+ # rubocop:enable Metrics/BlockLength
@@ -3,6 +3,7 @@
3
3
  FactoryBot.define do
4
4
  factory :enterprise_account, class: Osso::Models::EnterpriseAccount do
5
5
  id { SecureRandom.uuid }
6
+ name { Faker::Company.name }
6
7
  domain { Faker::Internet.domain_name }
7
8
  oauth_client
8
9
  end
@@ -10,7 +11,7 @@ FactoryBot.define do
10
11
  factory :enterprise_with_okta, parent: :enterprise_account do
11
12
  after :create do |enterprise|
12
13
  create(
13
- :okta_saml_provider,
14
+ :okta_identity_provider,
14
15
  domain: enterprise.domain,
15
16
  enterprise_account_id: enterprise.id,
16
17
  )
@@ -20,7 +21,7 @@ FactoryBot.define do
20
21
  factory :enterprise_with_azure, parent: :enterprise_account do
21
22
  after :create do |enterprise|
22
23
  create(
23
- :azure_saml_provider,
24
+ :azure_identity_provider,
24
25
  domain: enterprise.domain,
25
26
  enterprise_account_id: enterprise.id,
26
27
  )
@@ -30,13 +31,13 @@ FactoryBot.define do
30
31
  factory :enterprise_with_multiple_providers, parent: :enterprise_account do
31
32
  after :create do |enterprise|
32
33
  create(
33
- :okta_saml_provider,
34
+ :okta_identity_provider,
34
35
  domain: enterprise.domain,
35
36
  enterprise_account_id: enterprise.id,
36
37
  )
37
38
 
38
39
  create(
39
- :azure_saml_provider,
40
+ :azure_identity_provider,
40
41
  domain: enterprise.domain,
41
42
  enterprise_account_id: enterprise.id,
42
43
  )
@@ -0,0 +1,71 @@
1
+ # frozen_string_literal: true
2
+
3
+ FactoryBot.define do
4
+ factory :identity_provider, class: Osso::Models::IdentityProvider do
5
+ id { SecureRandom.uuid }
6
+ domain { Faker::Internet.domain_name }
7
+ oauth_client
8
+
9
+ factory :okta_identity_provider, parent: :identity_provider do
10
+ service { 'OKTA' }
11
+ sso_url do
12
+ 'https://dev-162024.okta.com/app/vcardmedev162024_rubydemo2_1/exk51326b3U1941Hf4x6/sso/saml'
13
+ end
14
+ end
15
+
16
+ factory :azure_identity_provider, parent: :identity_provider do
17
+ service { 'AZURE' }
18
+ sso_url do
19
+ 'https://login.microsoftonline.com/0af6c610-c40c-4683-9ea4-f25e509b8172/saml2'
20
+ end
21
+ end
22
+
23
+ factory :configured_identity_provider, parent: :identity_provider do
24
+ sso_cert do
25
+ <<~CERT
26
+ -----BEGIN CERTIFICATE-----
27
+ MIIDpDCCAoygAwIBAgIGAXEiD4LlMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
28
+ A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
29
+ MBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi0xNjIwMjQxHDAaBgkqhkiG9w0BCQEW
30
+ DWluZm9Ab2t0YS5jb20wHhcNMjAwMzI4MTY1MTU0WhcNMzAwMzI4MTY1MjU0WjCBkjELMAkGA1UE
31
+ BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNV
32
+ BAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtMTYyMDI0MRwwGgYJ
33
+ KoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
34
+ wsnP4UTfv3bxR5Jh0at51Dqjj+fKxFznzFW3XA5NbF2SlRLjeYcvj3+47TC0eP6xOsLWfnvdnx4v
35
+ dd9Ufn7jDCo5pL3JykMVEh2I0szF3RLC+a532ArcwgU9Px48+rWVwPkASS7l4NHAM4+gOBHJMQt2
36
+ AMohPT0kU41P8BEPzfwhNyiEXR66JNZIJUE8fM3Vpgnxm/VSwYzJf0NfOyfxv8JczF0zkDbpE7Tk
37
+ 3Ww/PFFLoMxWzanWGJQ+blnhv6UV6H4fcfAbcwAplOdIVHjS2ghYBvYNGahuFxjia0+6csyZGrt8
38
+ H4XmR5Dr+jXY5K1b1VOA0k19/FCnHHN/smn25wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBgD9NE
39
+ 4OCuR1+vucV8S1T6XXIL2hB7bXBAZEVHZ1aErRzktgXAMgVwG267vIkD5VOXBiTy9yNU5LK6G3k2
40
+ zewU190sL1dMfyPnoVZyn94nvwe9A+on0tmZdmk00xirKk3FJdacnZNE9Dl/afIrcNf6xAm0WsU9
41
+ kbMiRwwvjO4TAiygDQzbrRC8ZfmT3hpBa3aTUzAccrvEQcgarLk4r7UjXP7a2mCN3UIIh+snN2Ms
42
+ vXHL0r6fM3xbniz+5lleWtPFw73yySBc8znkWZ4Tn8Lh0r6o5nCRYbr2REUB7ZIfiIyBbZxIp4kv
43
+ a+habbnQDFiNVzEd8OPXHh4EqLxOPDRW
44
+ -----END CERTIFICATE-----
45
+ CERT
46
+ end
47
+ end
48
+ end
49
+ end
50
+
51
+ # == Schema Information
52
+ #
53
+ # Table name: identity_providers
54
+ #
55
+ # id :uuid not null, primary key
56
+ # service :string
57
+ # domain :string not null
58
+ # sso_url :string
59
+ # sso_cert :text
60
+ # enterprise_account_id :uuid
61
+ # oauth_client_id :uuid
62
+ # status :enum default("PENDING")
63
+ # created_at :datetime
64
+ # updated_at :datetime
65
+ #
66
+ # Indexes
67
+ #
68
+ # index_identity_providers_on_domain (domain)
69
+ # index_identity_providers_on_enterprise_account_id (enterprise_account_id)
70
+ # index_identity_providers_on_oauth_client_id (oauth_client_id)
71
+ #
@@ -5,7 +5,7 @@ FactoryBot.define do
5
5
  id { SecureRandom.uuid }
6
6
  email { Faker::Internet.email }
7
7
  idp_id { SecureRandom.hex(32) }
8
- saml_provider { create(:okta_saml_provider) }
8
+ identity_provider { create(:okta_identity_provider) }
9
9
  enterprise_account
10
10
  after(:create) do |user|
11
11
  create(
@@ -0,0 +1,75 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'spec_helper'
4
+
5
+ describe Osso::GraphQL::Schema do
6
+ describe 'ConfigureIdentityProvider' do
7
+ let(:enterprise_account) { create(:enterprise_account) }
8
+ let(:identity_provider) { create(:identity_provider, enterprise_account: enterprise_account) }
9
+ let(:variables) do
10
+ {
11
+ input: {
12
+ id: identity_provider.id,
13
+ service: 'OKTA',
14
+ ssoUrl: 'https://example.com',
15
+ ssoCert: 'BEGIN_CERTIFICATE',
16
+ },
17
+ }
18
+ end
19
+ let(:mutation) do
20
+ <<~GRAPHQL
21
+ mutation ConfigureIdentityProvider($input: ConfigureIdentityProviderInput!) {
22
+ configureIdentityProvider(input: $input) {
23
+ identityProvider {
24
+ id
25
+ domain
26
+ status
27
+ enterpriseAccountId
28
+ service
29
+ acsUrl
30
+ ssoCert
31
+ ssoUrl
32
+ }
33
+ }
34
+ }
35
+ GRAPHQL
36
+ end
37
+
38
+ subject do
39
+ described_class.execute(
40
+ mutation,
41
+ variables: variables,
42
+ context: { scope: current_scope },
43
+ )
44
+ end
45
+
46
+ describe 'for an admin user' do
47
+ let(:current_scope) { :admin }
48
+ it 'configures an identity provider' do
49
+ expect(subject.dig('data', 'configureIdentityProvider', 'identityProvider', 'status')).
50
+ to eq('Configured')
51
+ end
52
+ end
53
+
54
+ describe 'for an email scoped user' do
55
+ let(:domain) { Faker::Internet.domain_name }
56
+ let(:current_scope) { domain }
57
+ let(:enterprise_account) { create(:enterprise_account, domain: domain) }
58
+ let(:identity_provider) { create(:identity_provider, enterprise_account: enterprise_account, domain: domain) }
59
+
60
+ it 'configures an identity provider' do
61
+ expect(subject.dig('data', 'configureIdentityProvider', 'identityProvider', 'domain')).
62
+ to eq(domain)
63
+ end
64
+ end
65
+
66
+ describe 'for the wrong email scoped user' do
67
+ let(:domain) { Faker::Internet.domain_name }
68
+ let(:current_scope) { domain }
69
+
70
+ it 'does not configure an identity provider' do
71
+ expect(subject.dig('errors')).to_not be_empty
72
+ end
73
+ end
74
+ end
75
+ end
@@ -0,0 +1,68 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'spec_helper'
4
+
5
+ describe Osso::GraphQL::Schema do
6
+ describe 'CreateIdentityProvider' do
7
+ let(:domain) { Faker::Internet.domain_name }
8
+ let(:variables) do
9
+ {
10
+ input: {
11
+ name: Faker::Company.name,
12
+ domain: domain,
13
+ },
14
+ }
15
+ end
16
+
17
+ let(:mutation) do
18
+ <<~GRAPHQL
19
+ mutation CreateEnterpriseAccount($input: CreateEnterpriseAccountInput!) {
20
+ createEnterpriseAccount(input: $input) {
21
+ enterpriseAccount {
22
+ id
23
+ domain
24
+ name
25
+ status
26
+ }
27
+ }
28
+ }
29
+ GRAPHQL
30
+ end
31
+
32
+ subject do
33
+ described_class.execute(
34
+ mutation,
35
+ variables: variables,
36
+ context: { scope: current_scope },
37
+ )
38
+ end
39
+
40
+ describe 'for an admin user' do
41
+ let(:current_scope) { :admin }
42
+ it 'creates an Enterprise Account' do
43
+ expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(1)
44
+ expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount', 'domain')).
45
+ to eq(domain)
46
+ end
47
+ end
48
+
49
+ describe 'for an email scoped user' do
50
+ let(:current_scope) { domain }
51
+
52
+ it 'creates an Enterprise Account' do
53
+ expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(1)
54
+ expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount', 'domain')).
55
+ to eq(domain)
56
+ end
57
+ end
58
+ describe 'for the wrong email scoped user' do
59
+ let(:current_scope) { 'foo.com' }
60
+
61
+ it 'does not create an Enterprise Account' do
62
+ expect { subject }.to_not(change { Osso::Models::EnterpriseAccount.count })
63
+ expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount', 'domain')).
64
+ to be_nil
65
+ end
66
+ end
67
+ end
68
+ end
@@ -0,0 +1,104 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'spec_helper'
4
+
5
+ describe Osso::GraphQL::Schema do
6
+ describe 'CreateIdentityProvider' do
7
+ let(:enterprise_account) { create(:enterprise_account) }
8
+ let(:mutation) do
9
+ <<~GRAPHQL
10
+ mutation CreateIdentityProvider($input: CreateIdentityProviderInput!) {
11
+ createIdentityProvider(input: $input) {
12
+ identityProvider {
13
+ id
14
+ domain
15
+ enterpriseAccountId
16
+ service
17
+ acsUrl
18
+ }
19
+ }
20
+ }
21
+ GRAPHQL
22
+ end
23
+
24
+ subject do
25
+ described_class.execute(
26
+ mutation,
27
+ variables: variables,
28
+ context: { scope: current_scope },
29
+ )
30
+ end
31
+
32
+ describe 'for an admin user' do
33
+ let(:current_scope) { :admin }
34
+ describe 'without a service' do
35
+ let(:variables) { { input: { enterpriseAccountId: enterprise_account.id } } }
36
+
37
+ it 'creates an identity provider' do
38
+ expect { subject }.to change { enterprise_account.identity_providers.count }.by(1)
39
+ expect(subject.dig('data', 'createIdentityProvider', 'identityProvider', 'domain')).
40
+ to eq(enterprise_account.domain)
41
+ end
42
+ end
43
+
44
+ describe 'with a service' do
45
+ let(:variables) { { input: { enterpriseAccountId: enterprise_account.id, service: 'OKTA' } } }
46
+
47
+ it 'creates an identity provider for given service ' do
48
+ expect { subject }.to change { enterprise_account.identity_providers.count }.by(1)
49
+ expect(subject.dig('data', 'createIdentityProvider', 'identityProvider', 'service')).
50
+ to eq('OKTA')
51
+ end
52
+ end
53
+ end
54
+
55
+ describe 'for an email scoped user' do
56
+ let(:domain) { Faker::Internet.domain_name }
57
+ let(:current_scope) { domain }
58
+ let(:enterprise_account) { create(:enterprise_account, domain: domain) }
59
+
60
+ describe 'without a service' do
61
+ let(:variables) { { input: { enterpriseAccountId: enterprise_account.id } } }
62
+
63
+ it 'creates an identity provider' do
64
+ expect { subject }.to change { enterprise_account.identity_providers.count }.by(1)
65
+ expect(subject.dig('data', 'createIdentityProvider', 'identityProvider', 'domain')).
66
+ to eq(domain)
67
+ end
68
+ end
69
+
70
+ describe 'with a service' do
71
+ let(:variables) { { input: { enterpriseAccountId: enterprise_account.id, service: 'OKTA' } } }
72
+
73
+ it 'creates an identity provider for given service ' do
74
+ expect { subject }.to change { enterprise_account.identity_providers.count }.by(1)
75
+ expect(subject.dig('data', 'createIdentityProvider', 'identityProvider', 'service')).
76
+ to eq('OKTA')
77
+ end
78
+ end
79
+ end
80
+
81
+ describe 'for a wrong email scoped user' do
82
+ let(:domain) { Faker::Internet.domain_name }
83
+ let(:current_scope) { domain }
84
+ let(:enterprise_account) { create(:enterprise_account, domain: domain) }
85
+ let(:target_account) { create(:enterprise_account) }
86
+
87
+ describe 'without a service' do
88
+ let(:variables) { { input: { enterpriseAccountId: target_account.id } } }
89
+
90
+ it 'does not creates a identity provider' do
91
+ expect { subject }.to_not(change { Osso::Models::IdentityProvider.count })
92
+ end
93
+ end
94
+
95
+ describe 'with a service' do
96
+ let(:variables) { { input: { enterpriseAccountId: target_account.id, service: 'OKTA' } } }
97
+
98
+ it 'does not creates a identity provider' do
99
+ expect { subject }.to_not(change { Osso::Models::IdentityProvider.count })
100
+ end
101
+ end
102
+ end
103
+ end
104
+ end
@@ -0,0 +1,55 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'spec_helper'
4
+
5
+ describe Osso::GraphQL::Schema do
6
+ describe 'CreateOauthClient' do
7
+ let(:variables) do
8
+ {
9
+ input: {
10
+ name: Faker::Company.name,
11
+ },
12
+ }
13
+ end
14
+
15
+ let(:mutation) do
16
+ <<~GRAPHQL
17
+ mutation CreateOauthClient($input: CreateOauthClientInput!) {
18
+ createOauthClient(input: $input) {
19
+ oauthClient {
20
+ id
21
+ name
22
+ clientId
23
+ clientSecret
24
+ }
25
+ }
26
+ }
27
+ GRAPHQL
28
+ end
29
+
30
+ subject do
31
+ described_class.execute(
32
+ mutation,
33
+ variables: variables,
34
+ context: { scope: current_scope },
35
+ )
36
+ end
37
+
38
+ describe 'for an admin user' do
39
+ let(:current_scope) { :admin }
40
+ it 'creates an OauthClient' do
41
+ expect { subject }.to change { Osso::Models::OauthClient.count }.by(1)
42
+ expect(subject.dig('data', 'createOauthClient', 'oauthClient', 'clientId')).
43
+ to_not be_nil
44
+ end
45
+ end
46
+
47
+ describe 'for an email scoped user' do
48
+ let(:current_scope) { 'foo.com' }
49
+
50
+ it 'does not create an OauthClient Account' do
51
+ expect { subject }.to_not(change { Osso::Models::OauthClient.count })
52
+ end
53
+ end
54
+ end
55
+ end