osso 0.0.3.4 → 0.0.3.9
- checksums.yaml +4 -4
- data/.buildkite/pipeline.yml +6 -1
- data/.rubocop.yml +1 -2
- data/Gemfile.lock +5 -1
- data/bin/annotate +1 -0
- data/bin/console +4 -3
- data/config/database.yml +2 -2
- data/db/schema.rb +90 -1
- data/lib/osso.rb +1 -0
- data/lib/osso/db/migrate/20200328143305_create_identity_providers.rb +12 -0
- data/lib/osso/db/migrate/20200411184535_add_provider_id_to_users.rb +2 -2
- data/lib/osso/db/migrate/20200411192645_create_enterprise_accounts.rb +1 -1
- data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_accounts_and_identity_providers.rb +6 -0
- data/lib/osso/db/migrate/20200714223226_add_identity_provider_service_enum.rb +17 -0
- data/lib/osso/db/migrate/20200715154211_rename_idp_fields_on_identity_provider_to_sso.rb +6 -0
- data/lib/osso/db/migrate/20200715205801_add_name_to_enterprise_account.rb +5 -0
- data/lib/osso/db/migrate/20200722230116_add_identity_provider_status_enum_and_use_on_identity_providers.rb +15 -0
- data/lib/osso/db/migrate/20200723153750_add_missing_timestamps.rb +35 -0
- data/lib/osso/db/migrate/20200723162228_drop_unneeded_tables.rb +9 -0
- data/lib/osso/graphql/mutation.rb +5 -2
- data/lib/osso/graphql/mutations.rb +5 -1
- data/lib/osso/graphql/mutations/base_mutation.rb +24 -7
- data/lib/osso/graphql/mutations/configure_identity_provider.rb +19 -13
- data/lib/osso/graphql/mutations/create_enterprise_account.rb +25 -0
- data/lib/osso/graphql/mutations/create_identity_provider.rb +9 -7
- data/lib/osso/graphql/mutations/create_oauth_client.rb +30 -0
- data/lib/osso/graphql/mutations/delete_enterprise_account.rb +34 -0
- data/lib/osso/graphql/mutations/delete_oauth_client.rb +30 -0
- data/lib/osso/graphql/query.rb +2 -2
- data/lib/osso/graphql/resolvers/oauth_clients.rb +2 -2
- data/lib/osso/graphql/schema.rb +5 -1
- data/lib/osso/graphql/types.rb +2 -0
- data/lib/osso/graphql/types/base_input_object.rb +10 -0
- data/lib/osso/graphql/types/base_object.rb +2 -0
- data/lib/osso/graphql/types/enterprise_account.rb +5 -5
- data/lib/osso/graphql/types/identity_provider.rb +6 -13
- data/lib/osso/graphql/types/identity_provider_service.rb +1 -1
- data/lib/osso/graphql/types/identity_provider_status.rb +14 -0
- data/lib/osso/graphql/types/oauth_client.rb +13 -1
- data/lib/osso/helpers/auth.rb +16 -15
- data/lib/osso/lib/app_config.rb +1 -1
- data/lib/osso/lib/route_map.rb +28 -0
- data/lib/osso/models/access_token.rb +18 -0
- data/lib/osso/models/authorization_code.rb +20 -0
- data/lib/osso/models/enterprise_account.rb +24 -4
- data/lib/osso/models/identity_provider.rb +77 -0
- data/lib/osso/models/models.rb +3 -1
- data/lib/osso/models/oauth_client.rb +19 -3
- data/lib/osso/models/redirect_uri.rb +17 -0
- data/lib/osso/models/user.rb +25 -3
- data/lib/osso/routes/admin.rb +18 -15
- data/lib/osso/routes/auth.rb +30 -27
- data/lib/osso/routes/oauth.rb +50 -45
- data/lib/osso/version.rb +1 -1
- data/osso-rb.gemspec +3 -3
- data/spec/factories/enterprise_account.rb +5 -4
- data/spec/factories/identity_providers.rb +71 -0
- data/spec/factories/user.rb +1 -1
- data/spec/graphql/mutations/configure_identity_provider_spec.rb +75 -0
- data/spec/graphql/mutations/create_enterprise_account_spec.rb +68 -0
- data/spec/graphql/mutations/create_identity_provider_spec.rb +104 -0
- data/spec/graphql/mutations/create_oauth_client_spec.rb +55 -0
- data/spec/graphql/mutations/delete_enterprise_account_spec.rb +63 -0
- data/spec/graphql/mutations/delete_oauth_client_spec.rb +51 -0
- data/spec/graphql/query/enterprise_account_spec.rb +68 -0
- data/spec/graphql/query/enterprise_accounts_spec.rb +44 -0
- data/spec/graphql/query/identity_provider_spec.rb +65 -0
- data/spec/graphql/query/oauth_clients_spec.rb +50 -0
- data/spec/models/azure_saml_provider_spec.rb +14 -14
- data/spec/models/identity_provider_spec.rb +17 -0
- data/spec/models/okta_saml_provider_spec.rb +15 -15
- data/spec/routes/admin_spec.rb +2 -0
- data/spec/routes/auth_spec.rb +9 -9
- data/spec/routes/oauth_spec.rb +1 -1
- data/spec/spec_helper.rb +4 -5
- data/spec/support/spec_app.rb +9 -0
- metadata +47 -16
- data/lib/osso/db/migrate/20200328143303_create_oauth_tables.rb +0 -57
- data/lib/osso/db/migrate/20200411144528_create_saml_providers.rb +0 -13
- data/lib/osso/db/migrate/20200413153029_add_oauth_client_reference_to_saml_providers.rb +0 -5
- data/lib/osso/db/migrate/20200501203026_drop_null_constraints_from_saml_provider.rb +0 -7
- data/lib/osso/db/migrate/20200501204047_drop_acs_url.rb +0 -5
- data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_account.rb +0 -5
- data/lib/osso/db/migrate/20200601131227_drop_null_constraint_from_saml_providers_provider.rb +0 -7
- data/lib/osso/db/schema.rb +0 -132
- data/lib/osso/graphql/mutations/set_saml_provider.rb +0 -27
- data/lib/osso/models/saml_provider.rb +0 -52
- data/lib/osso/models/saml_providers/azure_saml_provider.rb +0 -22
- data/lib/osso/models/saml_providers/okta_saml_provider.rb +0 -23
- data/spec/factories/saml_providers.rb +0 -46
- data/spec/models/saml_provider_spec.rb +0 -31
data/lib/osso/version.rb
CHANGED
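--- a/data/osso-rb.gemspec
+++ b/data/osso-rb.gemspec
@@ -2,6 +2,7 @@
 
 require_relative 'lib/osso/version'
 
+# rubocop:disable Metrics/BlockLength
 Gem::Specification.new do |spec|
 spec.name = 'osso'
 spec.version = Osso::VERSION
@@ -27,15 +28,14 @@ Gem::Specification.new do |spec|
 spec.add_runtime_dependency 'sinatra-activerecord'
 spec.add_runtime_dependency 'sinatra-contrib'
 
+spec.add_development_dependency 'annotate', '~> 3.1'
 spec.add_development_dependency 'bundler', '~> 2.1'
 spec.add_development_dependency 'pry'
 
-# Specify which files should be added to the gem when it is released.
-# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
 spec.executables = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
 spec.files = `git ls-files`.split("\n")
 spec.test_files = `git ls-files -- {spec}/*`.split("\n")
 spec.bindir = 'bin'
-spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
 spec.require_paths = ['lib']
 end
+# rubocop:enable Metrics/BlockLength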
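Review bot: The `spec.files` assignment in the second hunk packages every file tracked by git, and the file list of this release shows the effect: `.buildkite/pipeline.yml`, `config/database.yml` and the whole `spec/` tree ship inside the published gem. The surviving `spec.executables` line likewise registers everything under `bin/` (here `annotate` and `console`, which look like development helpers) as executables installed for consumers. Narrowing the package to what runs in production, for example `spec.files = Dir['lib/**/*']` plus the license and readme, and `spec.executables = []` unless one of those scripts is meant to be a public command, keeps CI configuration, database settings and fixtures out of the artifact. The `Gem::Specification` block starts before the first hunk and continues between the two, so other assignments are not visible here.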
@@ -3,6 +3,7 @@
|
|
3
3
|
FactoryBot.define do
|
4
4
|
factory :enterprise_account, class: Osso::Models::EnterpriseAccount do
|
5
5
|
id { SecureRandom.uuid }
|
6
|
+
name { Faker::Company.name }
|
6
7
|
domain { Faker::Internet.domain_name }
|
7
8
|
oauth_client
|
8
9
|
end
|
@@ -10,7 +11,7 @@ FactoryBot.define do
|
|
10
11
|
factory :enterprise_with_okta, parent: :enterprise_account do
|
11
12
|
after :create do |enterprise|
|
12
13
|
create(
|
13
|
-
:
|
14
|
+
:okta_identity_provider,
|
14
15
|
domain: enterprise.domain,
|
15
16
|
enterprise_account_id: enterprise.id,
|
16
17
|
)
|
@@ -20,7 +21,7 @@ FactoryBot.define do
|
|
20
21
|
factory :enterprise_with_azure, parent: :enterprise_account do
|
21
22
|
after :create do |enterprise|
|
22
23
|
create(
|
23
|
-
:
|
24
|
+
:azure_identity_provider,
|
24
25
|
domain: enterprise.domain,
|
25
26
|
enterprise_account_id: enterprise.id,
|
26
27
|
)
|
@@ -30,13 +31,13 @@ FactoryBot.define do
|
|
30
31
|
factory :enterprise_with_multiple_providers, parent: :enterprise_account do
|
31
32
|
after :create do |enterprise|
|
32
33
|
create(
|
33
|
-
:
|
34
|
+
:okta_identity_provider,
|
34
35
|
domain: enterprise.domain,
|
35
36
|
enterprise_account_id: enterprise.id,
|
36
37
|
)
|
37
38
|
|
38
39
|
create(
|
39
|
-
:
|
40
|
+
:azure_identity_provider,
|
40
41
|
domain: enterprise.domain,
|
41
42
|
enterprise_account_id: enterprise.id,
|
42
43
|
)
|
@@ -0,0 +1,71 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
FactoryBot.define do
|
4
|
+
factory :identity_provider, class: Osso::Models::IdentityProvider do
|
5
|
+
id { SecureRandom.uuid }
|
6
|
+
domain { Faker::Internet.domain_name }
|
7
|
+
oauth_client
|
8
|
+
|
9
|
+
factory :okta_identity_provider, parent: :identity_provider do
|
10
|
+
service { 'OKTA' }
|
11
|
+
sso_url do
|
12
|
+
'https://dev-162024.okta.com/app/vcardmedev162024_rubydemo2_1/exk51326b3U1941Hf4x6/sso/saml'
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
factory :azure_identity_provider, parent: :identity_provider do
|
17
|
+
service { 'AZURE' }
|
18
|
+
sso_url do
|
19
|
+
'https://login.microsoftonline.com/0af6c610-c40c-4683-9ea4-f25e509b8172/saml2'
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
factory :configured_identity_provider, parent: :identity_provider do
|
24
|
+
sso_cert do
|
25
|
+
<<~CERT
|
26
|
+
-----BEGIN CERTIFICATE-----
|
27
|
+
MIIDpDCCAoygAwIBAgIGAXEiD4LlMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
|
28
|
+
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
|
29
|
+
MBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi0xNjIwMjQxHDAaBgkqhkiG9w0BCQEW
|
30
|
+
DWluZm9Ab2t0YS5jb20wHhcNMjAwMzI4MTY1MTU0WhcNMzAwMzI4MTY1MjU0WjCBkjELMAkGA1UE
|
31
|
+
BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNV
|
32
|
+
BAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtMTYyMDI0MRwwGgYJ
|
33
|
+
KoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
|
34
|
+
wsnP4UTfv3bxR5Jh0at51Dqjj+fKxFznzFW3XA5NbF2SlRLjeYcvj3+47TC0eP6xOsLWfnvdnx4v
|
35
|
+
dd9Ufn7jDCo5pL3JykMVEh2I0szF3RLC+a532ArcwgU9Px48+rWVwPkASS7l4NHAM4+gOBHJMQt2
|
36
|
+
AMohPT0kU41P8BEPzfwhNyiEXR66JNZIJUE8fM3Vpgnxm/VSwYzJf0NfOyfxv8JczF0zkDbpE7Tk
|
37
|
+
3Ww/PFFLoMxWzanWGJQ+blnhv6UV6H4fcfAbcwAplOdIVHjS2ghYBvYNGahuFxjia0+6csyZGrt8
|
38
|
+
H4XmR5Dr+jXY5K1b1VOA0k19/FCnHHN/smn25wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBgD9NE
|
39
|
+
4OCuR1+vucV8S1T6XXIL2hB7bXBAZEVHZ1aErRzktgXAMgVwG267vIkD5VOXBiTy9yNU5LK6G3k2
|
40
|
+
zewU190sL1dMfyPnoVZyn94nvwe9A+on0tmZdmk00xirKk3FJdacnZNE9Dl/afIrcNf6xAm0WsU9
|
41
|
+
kbMiRwwvjO4TAiygDQzbrRC8ZfmT3hpBa3aTUzAccrvEQcgarLk4r7UjXP7a2mCN3UIIh+snN2Ms
|
42
|
+
vXHL0r6fM3xbniz+5lleWtPFw73yySBc8znkWZ4Tn8Lh0r6o5nCRYbr2REUB7ZIfiIyBbZxIp4kv
|
43
|
+
a+habbnQDFiNVzEd8OPXHh4EqLxOPDRW
|
44
|
+
-----END CERTIFICATE-----
|
45
|
+
CERT
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
# == Schema Information
|
52
|
+
#
|
53
|
+
# Table name: identity_providers
|
54
|
+
#
|
55
|
+
# id :uuid not null, primary key
|
56
|
+
# service :string
|
57
|
+
# domain :string not null
|
58
|
+
# sso_url :string
|
59
|
+
# sso_cert :text
|
60
|
+
# enterprise_account_id :uuid
|
61
|
+
# oauth_client_id :uuid
|
62
|
+
# status :enum default("PENDING")
|
63
|
+
# created_at :datetime
|
64
|
+
# updated_at :datetime
|
65
|
+
#
|
66
|
+
# Indexes
|
67
|
+
#
|
68
|
+
# index_identity_providers_on_domain (domain)
|
69
|
+
# index_identity_providers_on_enterprise_account_id (enterprise_account_id)
|
70
|
+
# index_identity_providers_on_oauth_client_id (oauth_client_id)
|
71
|
+
#
|
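Review bot: The `sso_url` values in `:okta_identity_provider` and `:azure_identity_provider` point at what look like a real Okta developer tenant and a real Azure AD tenant GUID, and `:configured_identity_provider` embeds a signing certificate issued for that same Okta tenant. The certificate is public material, but this factory file is shipped in the gem (it is listed under `data/spec/factories/` in the release file list), so the tenant identifiers are published with every install, and any test that ever follows the URL would reach a third-party host. Reserved placeholders such as `'https://idp.example.com/sso/saml'` and a throwaway self-signed certificate generated for the suite avoid both. Separately, the child factories are nested inside `:identity_provider` and also pass `parent: :identity_provider`, which is redundant.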
data/spec/factories/user.rb
CHANGED
@@ -5,7 +5,7 @@ FactoryBot.define do
|
|
5
5
|
id { SecureRandom.uuid }
|
6
6
|
email { Faker::Internet.email }
|
7
7
|
idp_id { SecureRandom.hex(32) }
|
8
|
-
|
8
|
+
identity_provider { create(:okta_identity_provider) }
|
9
9
|
enterprise_account
|
10
10
|
after(:create) do |user|
|
11
11
|
create(
|
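Review bot: `identity_provider { create(:okta_identity_provider) }` builds the provider independently of the `enterprise_account` on the following line, so a factory user presumably ends up with a provider that has its own random `domain` and is not linked to the user's account. Specs that exercise domain or tenant scoping can then pass or fail for reasons unrelated to the check under test. Calling `create` inside the attribute block also persists a provider even when the user is only built; `association :identity_provider, factory: :okta_identity_provider` would follow the build strategy. The factory definition begins above and continues below this hunk, so the `after(:create)` body may already reconcile the two records.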
@@ -0,0 +1,75 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
|
5
|
+
describe Osso::GraphQL::Schema do
|
6
|
+
describe 'ConfigureIdentityProvider' do
|
7
|
+
let(:enterprise_account) { create(:enterprise_account) }
|
8
|
+
let(:identity_provider) { create(:identity_provider, enterprise_account: enterprise_account) }
|
9
|
+
let(:variables) do
|
10
|
+
{
|
11
|
+
input: {
|
12
|
+
id: identity_provider.id,
|
13
|
+
service: 'OKTA',
|
14
|
+
ssoUrl: 'https://example.com',
|
15
|
+
ssoCert: 'BEGIN_CERTIFICATE',
|
16
|
+
},
|
17
|
+
}
|
18
|
+
end
|
19
|
+
let(:mutation) do
|
20
|
+
<<~GRAPHQL
|
21
|
+
mutation ConfigureIdentityProvider($input: ConfigureIdentityProviderInput!) {
|
22
|
+
configureIdentityProvider(input: $input) {
|
23
|
+
identityProvider {
|
24
|
+
id
|
25
|
+
domain
|
26
|
+
status
|
27
|
+
enterpriseAccountId
|
28
|
+
service
|
29
|
+
acsUrl
|
30
|
+
ssoCert
|
31
|
+
ssoUrl
|
32
|
+
}
|
33
|
+
}
|
34
|
+
}
|
35
|
+
GRAPHQL
|
36
|
+
end
|
37
|
+
|
38
|
+
subject do
|
39
|
+
described_class.execute(
|
40
|
+
mutation,
|
41
|
+
variables: variables,
|
42
|
+
context: { scope: current_scope },
|
43
|
+
)
|
44
|
+
end
|
45
|
+
|
46
|
+
describe 'for an admin user' do
|
47
|
+
let(:current_scope) { :admin }
|
48
|
+
it 'configures an identity provider' do
|
49
|
+
expect(subject.dig('data', 'configureIdentityProvider', 'identityProvider', 'status')).
|
50
|
+
to eq('Configured')
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
54
|
+
describe 'for an email scoped user' do
|
55
|
+
let(:domain) { Faker::Internet.domain_name }
|
56
|
+
let(:current_scope) { domain }
|
57
|
+
let(:enterprise_account) { create(:enterprise_account, domain: domain) }
|
58
|
+
let(:identity_provider) { create(:identity_provider, enterprise_account: enterprise_account, domain: domain) }
|
59
|
+
|
60
|
+
it 'configures an identity provider' do
|
61
|
+
expect(subject.dig('data', 'configureIdentityProvider', 'identityProvider', 'domain')).
|
62
|
+
to eq(domain)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
describe 'for the wrong email scoped user' do
|
67
|
+
let(:domain) { Faker::Internet.domain_name }
|
68
|
+
let(:current_scope) { domain }
|
69
|
+
|
70
|
+
it 'does not configure an identity provider' do
|
71
|
+
expect(subject.dig('errors')).to_not be_empty
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
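Review bot: The 'for the wrong email scoped user' example only asserts that `errors` is non-empty, which any failure satisfies, so it does not prove that the out-of-scope caller left the provider untouched. Since the base factory sets neither field, adding `expect(identity_provider.reload.sso_cert).to be_nil` (and the same for `sso_url`) after the call would pin that the denial happens before the write. The admin and in-scope examples also submit `ssoCert: 'BEGIN_CERTIFICATE'` and expect success; if the mutation is meant to reject values that are not a parseable certificate, a case for that is missing.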
@@ -0,0 +1,68 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
|
5
|
+
describe Osso::GraphQL::Schema do
|
6
|
+
describe 'CreateIdentityProvider' do
|
7
|
+
let(:domain) { Faker::Internet.domain_name }
|
8
|
+
let(:variables) do
|
9
|
+
{
|
10
|
+
input: {
|
11
|
+
name: Faker::Company.name,
|
12
|
+
domain: domain,
|
13
|
+
},
|
14
|
+
}
|
15
|
+
end
|
16
|
+
|
17
|
+
let(:mutation) do
|
18
|
+
<<~GRAPHQL
|
19
|
+
mutation CreateEnterpriseAccount($input: CreateEnterpriseAccountInput!) {
|
20
|
+
createEnterpriseAccount(input: $input) {
|
21
|
+
enterpriseAccount {
|
22
|
+
id
|
23
|
+
domain
|
24
|
+
name
|
25
|
+
status
|
26
|
+
}
|
27
|
+
}
|
28
|
+
}
|
29
|
+
GRAPHQL
|
30
|
+
end
|
31
|
+
|
32
|
+
subject do
|
33
|
+
described_class.execute(
|
34
|
+
mutation,
|
35
|
+
variables: variables,
|
36
|
+
context: { scope: current_scope },
|
37
|
+
)
|
38
|
+
end
|
39
|
+
|
40
|
+
describe 'for an admin user' do
|
41
|
+
let(:current_scope) { :admin }
|
42
|
+
it 'creates an Enterprise Account' do
|
43
|
+
expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(1)
|
44
|
+
expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount', 'domain')).
|
45
|
+
to eq(domain)
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
describe 'for an email scoped user' do
|
50
|
+
let(:current_scope) { domain }
|
51
|
+
|
52
|
+
it 'creates an Enterprise Account' do
|
53
|
+
expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(1)
|
54
|
+
expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount', 'domain')).
|
55
|
+
to eq(domain)
|
56
|
+
end
|
57
|
+
end
|
58
|
+
describe 'for the wrong email scoped user' do
|
59
|
+
let(:current_scope) { 'foo.com' }
|
60
|
+
|
61
|
+
it 'does not create an Enterprise Account' do
|
62
|
+
expect { subject }.to_not(change { Osso::Models::EnterpriseAccount.count })
|
63
|
+
expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount', 'domain')).
|
64
|
+
to be_nil
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
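Review bot: The 'for the wrong email scoped user' example checks that the count is unchanged and the returned domain is nil, but never asserts that an error came back, so a silent no-op and an authorization rejection look the same. Assuming denials surface in `errors` as the ConfigureIdentityProvider spec expects, `expect(subject['errors']).to_not be_empty` would distinguish them. The denied-path examples in the two spec files that follow (the wrong-scope cases of CreateIdentityProvider and the email-scoped case of CreateOauthClient) have the same gap. The inner `describe 'CreateIdentityProvider'` label is also a copy-paste leftover, since this file exercises `createEnterpriseAccount`.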
@@ -0,0 +1,104 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
|
5
|
+
describe Osso::GraphQL::Schema do
|
6
|
+
describe 'CreateIdentityProvider' do
|
7
|
+
let(:enterprise_account) { create(:enterprise_account) }
|
8
|
+
let(:mutation) do
|
9
|
+
<<~GRAPHQL
|
10
|
+
mutation CreateIdentityProvider($input: CreateIdentityProviderInput!) {
|
11
|
+
createIdentityProvider(input: $input) {
|
12
|
+
identityProvider {
|
13
|
+
id
|
14
|
+
domain
|
15
|
+
enterpriseAccountId
|
16
|
+
service
|
17
|
+
acsUrl
|
18
|
+
}
|
19
|
+
}
|
20
|
+
}
|
21
|
+
GRAPHQL
|
22
|
+
end
|
23
|
+
|
24
|
+
subject do
|
25
|
+
described_class.execute(
|
26
|
+
mutation,
|
27
|
+
variables: variables,
|
28
|
+
context: { scope: current_scope },
|
29
|
+
)
|
30
|
+
end
|
31
|
+
|
32
|
+
describe 'for an admin user' do
|
33
|
+
let(:current_scope) { :admin }
|
34
|
+
describe 'without a service' do
|
35
|
+
let(:variables) { { input: { enterpriseAccountId: enterprise_account.id } } }
|
36
|
+
|
37
|
+
it 'creates an identity provider' do
|
38
|
+
expect { subject }.to change { enterprise_account.identity_providers.count }.by(1)
|
39
|
+
expect(subject.dig('data', 'createIdentityProvider', 'identityProvider', 'domain')).
|
40
|
+
to eq(enterprise_account.domain)
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
describe 'with a service' do
|
45
|
+
let(:variables) { { input: { enterpriseAccountId: enterprise_account.id, service: 'OKTA' } } }
|
46
|
+
|
47
|
+
it 'creates an identity provider for given service ' do
|
48
|
+
expect { subject }.to change { enterprise_account.identity_providers.count }.by(1)
|
49
|
+
expect(subject.dig('data', 'createIdentityProvider', 'identityProvider', 'service')).
|
50
|
+
to eq('OKTA')
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
describe 'for an email scoped user' do
|
56
|
+
let(:domain) { Faker::Internet.domain_name }
|
57
|
+
let(:current_scope) { domain }
|
58
|
+
let(:enterprise_account) { create(:enterprise_account, domain: domain) }
|
59
|
+
|
60
|
+
describe 'without a service' do
|
61
|
+
let(:variables) { { input: { enterpriseAccountId: enterprise_account.id } } }
|
62
|
+
|
63
|
+
it 'creates an identity provider' do
|
64
|
+
expect { subject }.to change { enterprise_account.identity_providers.count }.by(1)
|
65
|
+
expect(subject.dig('data', 'createIdentityProvider', 'identityProvider', 'domain')).
|
66
|
+
to eq(domain)
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
describe 'with a service' do
|
71
|
+
let(:variables) { { input: { enterpriseAccountId: enterprise_account.id, service: 'OKTA' } } }
|
72
|
+
|
73
|
+
it 'creates an identity provider for given service ' do
|
74
|
+
expect { subject }.to change { enterprise_account.identity_providers.count }.by(1)
|
75
|
+
expect(subject.dig('data', 'createIdentityProvider', 'identityProvider', 'service')).
|
76
|
+
to eq('OKTA')
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
|
81
|
+
describe 'for a wrong email scoped user' do
|
82
|
+
let(:domain) { Faker::Internet.domain_name }
|
83
|
+
let(:current_scope) { domain }
|
84
|
+
let(:enterprise_account) { create(:enterprise_account, domain: domain) }
|
85
|
+
let(:target_account) { create(:enterprise_account) }
|
86
|
+
|
87
|
+
describe 'without a service' do
|
88
|
+
let(:variables) { { input: { enterpriseAccountId: target_account.id } } }
|
89
|
+
|
90
|
+
it 'does not creates a identity provider' do
|
91
|
+
expect { subject }.to_not(change { Osso::Models::IdentityProvider.count })
|
92
|
+
end
|
93
|
+
end
|
94
|
+
|
95
|
+
describe 'with a service' do
|
96
|
+
let(:variables) { { input: { enterpriseAccountId: target_account.id, service: 'OKTA' } } }
|
97
|
+
|
98
|
+
it 'does not creates a identity provider' do
|
99
|
+
expect { subject }.to_not(change { Osso::Models::IdentityProvider.count })
|
100
|
+
end
|
101
|
+
end
|
102
|
+
end
|
103
|
+
end
|
104
|
+
end
|
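Review bot: In 'for a wrong email scoped user', `let(:enterprise_account)` is lazy and nothing in those examples references it, so the caller's own account is never created and the scenario reduces to a scope with no account targeting another account. If the intent is to prove that owning one account grants no access to a different one, `let!(:enterprise_account) { create(:enterprise_account, domain: domain) }` makes both rows exist before the mutation runs. The two example names there also read 'does not creates a identity provider'; 'does not create an identity provider' is the intended wording.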
@@ -0,0 +1,55 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
|
5
|
+
describe Osso::GraphQL::Schema do
|
6
|
+
describe 'CreateOauthClient' do
|
7
|
+
let(:variables) do
|
8
|
+
{
|
9
|
+
input: {
|
10
|
+
name: Faker::Company.name,
|
11
|
+
},
|
12
|
+
}
|
13
|
+
end
|
14
|
+
|
15
|
+
let(:mutation) do
|
16
|
+
<<~GRAPHQL
|
17
|
+
mutation CreateOauthClient($input: CreateOauthClientInput!) {
|
18
|
+
createOauthClient(input: $input) {
|
19
|
+
oauthClient {
|
20
|
+
id
|
21
|
+
name
|
22
|
+
clientId
|
23
|
+
clientSecret
|
24
|
+
}
|
25
|
+
}
|
26
|
+
}
|
27
|
+
GRAPHQL
|
28
|
+
end
|
29
|
+
|
30
|
+
subject do
|
31
|
+
described_class.execute(
|
32
|
+
mutation,
|
33
|
+
variables: variables,
|
34
|
+
context: { scope: current_scope },
|
35
|
+
)
|
36
|
+
end
|
37
|
+
|
38
|
+
describe 'for an admin user' do
|
39
|
+
let(:current_scope) { :admin }
|
40
|
+
it 'creates an OauthClient' do
|
41
|
+
expect { subject }.to change { Osso::Models::OauthClient.count }.by(1)
|
42
|
+
expect(subject.dig('data', 'createOauthClient', 'oauthClient', 'clientId')).
|
43
|
+
to_not be_nil
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
describe 'for an email scoped user' do
|
48
|
+
let(:current_scope) { 'foo.com' }
|
49
|
+
|
50
|
+
it 'does not create an OauthClient Account' do
|
51
|
+
expect { subject }.to_not(change { Osso::Models::OauthClient.count })
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|