osso 0.0.3.4 → 0.0.3.9
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.buildkite/pipeline.yml +6 -1
- data/.rubocop.yml +1 -2
- data/Gemfile.lock +5 -1
- data/bin/annotate +1 -0
- data/bin/console +4 -3
- data/config/database.yml +2 -2
- data/db/schema.rb +90 -1
- data/lib/osso.rb +1 -0
- data/lib/osso/db/migrate/20200328143305_create_identity_providers.rb +12 -0
- data/lib/osso/db/migrate/20200411184535_add_provider_id_to_users.rb +2 -2
- data/lib/osso/db/migrate/20200411192645_create_enterprise_accounts.rb +1 -1
- data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_accounts_and_identity_providers.rb +6 -0
- data/lib/osso/db/migrate/20200714223226_add_identity_provider_service_enum.rb +17 -0
- data/lib/osso/db/migrate/20200715154211_rename_idp_fields_on_identity_provider_to_sso.rb +6 -0
- data/lib/osso/db/migrate/20200715205801_add_name_to_enterprise_account.rb +5 -0
- data/lib/osso/db/migrate/20200722230116_add_identity_provider_status_enum_and_use_on_identity_providers.rb +15 -0
- data/lib/osso/db/migrate/20200723153750_add_missing_timestamps.rb +35 -0
- data/lib/osso/db/migrate/20200723162228_drop_unneeded_tables.rb +9 -0
- data/lib/osso/graphql/mutation.rb +5 -2
- data/lib/osso/graphql/mutations.rb +5 -1
- data/lib/osso/graphql/mutations/base_mutation.rb +24 -7
- data/lib/osso/graphql/mutations/configure_identity_provider.rb +19 -13
- data/lib/osso/graphql/mutations/create_enterprise_account.rb +25 -0
- data/lib/osso/graphql/mutations/create_identity_provider.rb +9 -7
- data/lib/osso/graphql/mutations/create_oauth_client.rb +30 -0
- data/lib/osso/graphql/mutations/delete_enterprise_account.rb +34 -0
- data/lib/osso/graphql/mutations/delete_oauth_client.rb +30 -0
- data/lib/osso/graphql/query.rb +2 -2
- data/lib/osso/graphql/resolvers/oauth_clients.rb +2 -2
- data/lib/osso/graphql/schema.rb +5 -1
- data/lib/osso/graphql/types.rb +2 -0
- data/lib/osso/graphql/types/base_input_object.rb +10 -0
- data/lib/osso/graphql/types/base_object.rb +2 -0
- data/lib/osso/graphql/types/enterprise_account.rb +5 -5
- data/lib/osso/graphql/types/identity_provider.rb +6 -13
- data/lib/osso/graphql/types/identity_provider_service.rb +1 -1
- data/lib/osso/graphql/types/identity_provider_status.rb +14 -0
- data/lib/osso/graphql/types/oauth_client.rb +13 -1
- data/lib/osso/helpers/auth.rb +16 -15
- data/lib/osso/lib/app_config.rb +1 -1
- data/lib/osso/lib/route_map.rb +28 -0
- data/lib/osso/models/access_token.rb +18 -0
- data/lib/osso/models/authorization_code.rb +20 -0
- data/lib/osso/models/enterprise_account.rb +24 -4
- data/lib/osso/models/identity_provider.rb +77 -0
- data/lib/osso/models/models.rb +3 -1
- data/lib/osso/models/oauth_client.rb +19 -3
- data/lib/osso/models/redirect_uri.rb +17 -0
- data/lib/osso/models/user.rb +25 -3
- data/lib/osso/routes/admin.rb +18 -15
- data/lib/osso/routes/auth.rb +30 -27
- data/lib/osso/routes/oauth.rb +50 -45
- data/lib/osso/version.rb +1 -1
- data/osso-rb.gemspec +3 -3
- data/spec/factories/enterprise_account.rb +5 -4
- data/spec/factories/identity_providers.rb +71 -0
- data/spec/factories/user.rb +1 -1
- data/spec/graphql/mutations/configure_identity_provider_spec.rb +75 -0
- data/spec/graphql/mutations/create_enterprise_account_spec.rb +68 -0
- data/spec/graphql/mutations/create_identity_provider_spec.rb +104 -0
- data/spec/graphql/mutations/create_oauth_client_spec.rb +55 -0
- data/spec/graphql/mutations/delete_enterprise_account_spec.rb +63 -0
- data/spec/graphql/mutations/delete_oauth_client_spec.rb +51 -0
- data/spec/graphql/query/enterprise_account_spec.rb +68 -0
- data/spec/graphql/query/enterprise_accounts_spec.rb +44 -0
- data/spec/graphql/query/identity_provider_spec.rb +65 -0
- data/spec/graphql/query/oauth_clients_spec.rb +50 -0
- data/spec/models/azure_saml_provider_spec.rb +14 -14
- data/spec/models/identity_provider_spec.rb +17 -0
- data/spec/models/okta_saml_provider_spec.rb +15 -15
- data/spec/routes/admin_spec.rb +2 -0
- data/spec/routes/auth_spec.rb +9 -9
- data/spec/routes/oauth_spec.rb +1 -1
- data/spec/spec_helper.rb +4 -5
- data/spec/support/spec_app.rb +9 -0
- metadata +47 -16
- data/lib/osso/db/migrate/20200328143303_create_oauth_tables.rb +0 -57
- data/lib/osso/db/migrate/20200411144528_create_saml_providers.rb +0 -13
- data/lib/osso/db/migrate/20200413153029_add_oauth_client_reference_to_saml_providers.rb +0 -5
- data/lib/osso/db/migrate/20200501203026_drop_null_constraints_from_saml_provider.rb +0 -7
- data/lib/osso/db/migrate/20200501204047_drop_acs_url.rb +0 -5
- data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_account.rb +0 -5
- data/lib/osso/db/migrate/20200601131227_drop_null_constraint_from_saml_providers_provider.rb +0 -7
- data/lib/osso/db/schema.rb +0 -132
- data/lib/osso/graphql/mutations/set_saml_provider.rb +0 -27
- data/lib/osso/models/saml_provider.rb +0 -52
- data/lib/osso/models/saml_providers/azure_saml_provider.rb +0 -22
- data/lib/osso/models/saml_providers/okta_saml_provider.rb +0 -23
- data/spec/factories/saml_providers.rb +0 -46
- data/spec/models/saml_provider_spec.rb +0 -31
@@ -1,52 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Osso
|
4
|
-
module Models
|
5
|
-
# Base class for SAML Providers
|
6
|
-
class SamlProvider < ActiveRecord::Base
|
7
|
-
NAME_FORMAT = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
|
8
|
-
self.inheritance_column = :provider
|
9
|
-
belongs_to :enterprise_account
|
10
|
-
belongs_to :oauth_client
|
11
|
-
has_many :users
|
12
|
-
|
13
|
-
before_create :create_enterprise_account
|
14
|
-
|
15
|
-
def name
|
16
|
-
raise(
|
17
|
-
NoMethodError,
|
18
|
-
'#name must be defined on each provider specific subclass',
|
19
|
-
)
|
20
|
-
end
|
21
|
-
|
22
|
-
def saml_options
|
23
|
-
raise(
|
24
|
-
NoMethodError,
|
25
|
-
'#saml_options must be defined on each provider specific subclass',
|
26
|
-
)
|
27
|
-
end
|
28
|
-
|
29
|
-
def assertion_consumer_service_url
|
30
|
-
[
|
31
|
-
ENV.fetch('BASE_URL'),
|
32
|
-
'auth',
|
33
|
-
'saml',
|
34
|
-
id,
|
35
|
-
'callback',
|
36
|
-
].join('/')
|
37
|
-
end
|
38
|
-
|
39
|
-
alias acs_url assertion_consumer_service_url
|
40
|
-
|
41
|
-
def create_enterprise_account
|
42
|
-
return if enterprise_account_id
|
43
|
-
|
44
|
-
self.enterprise_account = Models::EnterpriseAccount.create(
|
45
|
-
domain: domain,
|
46
|
-
)
|
47
|
-
end
|
48
|
-
end
|
49
|
-
end
|
50
|
-
end
|
51
|
-
require_relative 'saml_providers/azure_saml_provider'
|
52
|
-
require_relative 'saml_providers/okta_saml_provider'
|
@@ -1,22 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Osso
|
4
|
-
module Models
|
5
|
-
# Subclass for Azure / ADFS IDP instances
|
6
|
-
class AzureSamlProvider < Models::SamlProvider
|
7
|
-
def name
|
8
|
-
'Azure'
|
9
|
-
end
|
10
|
-
|
11
|
-
def saml_options
|
12
|
-
attributes.slice(
|
13
|
-
'domain',
|
14
|
-
'idp_cert',
|
15
|
-
'idp_sso_target_url',
|
16
|
-
).merge(
|
17
|
-
issuer: "id:#{id}",
|
18
|
-
).symbolize_keys
|
19
|
-
end
|
20
|
-
end
|
21
|
-
end
|
22
|
-
end
|
@@ -1,23 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Osso
|
4
|
-
module Models
|
5
|
-
# Subclass for Okta IDP instances
|
6
|
-
class OktaSamlProvider < Models::SamlProvider
|
7
|
-
def name
|
8
|
-
'Okta'
|
9
|
-
end
|
10
|
-
|
11
|
-
def saml_options
|
12
|
-
attributes.slice(
|
13
|
-
'domain',
|
14
|
-
'idp_cert',
|
15
|
-
'idp_sso_target_url',
|
16
|
-
).merge(
|
17
|
-
issuer: id,
|
18
|
-
name_identifier_format: NAME_FORMAT,
|
19
|
-
).symbolize_keys
|
20
|
-
end
|
21
|
-
end
|
22
|
-
end
|
23
|
-
end
|
@@ -1,46 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
FactoryBot.define do
|
4
|
-
factory :saml_provider, class: Osso::Models::SamlProvider do
|
5
|
-
id { SecureRandom.uuid }
|
6
|
-
domain { Faker::Internet.domain_name }
|
7
|
-
oauth_client
|
8
|
-
idp_cert do
|
9
|
-
<<~CERT
|
10
|
-
-----BEGIN CERTIFICATE-----
|
11
|
-
MIIDpDCCAoygAwIBAgIGAXEiD4LlMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
|
12
|
-
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
|
13
|
-
MBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi0xNjIwMjQxHDAaBgkqhkiG9w0BCQEW
|
14
|
-
DWluZm9Ab2t0YS5jb20wHhcNMjAwMzI4MTY1MTU0WhcNMzAwMzI4MTY1MjU0WjCBkjELMAkGA1UE
|
15
|
-
BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNV
|
16
|
-
BAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtMTYyMDI0MRwwGgYJ
|
17
|
-
KoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
|
18
|
-
wsnP4UTfv3bxR5Jh0at51Dqjj+fKxFznzFW3XA5NbF2SlRLjeYcvj3+47TC0eP6xOsLWfnvdnx4v
|
19
|
-
dd9Ufn7jDCo5pL3JykMVEh2I0szF3RLC+a532ArcwgU9Px48+rWVwPkASS7l4NHAM4+gOBHJMQt2
|
20
|
-
AMohPT0kU41P8BEPzfwhNyiEXR66JNZIJUE8fM3Vpgnxm/VSwYzJf0NfOyfxv8JczF0zkDbpE7Tk
|
21
|
-
3Ww/PFFLoMxWzanWGJQ+blnhv6UV6H4fcfAbcwAplOdIVHjS2ghYBvYNGahuFxjia0+6csyZGrt8
|
22
|
-
H4XmR5Dr+jXY5K1b1VOA0k19/FCnHHN/smn25wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBgD9NE
|
23
|
-
4OCuR1+vucV8S1T6XXIL2hB7bXBAZEVHZ1aErRzktgXAMgVwG267vIkD5VOXBiTy9yNU5LK6G3k2
|
24
|
-
zewU190sL1dMfyPnoVZyn94nvwe9A+on0tmZdmk00xirKk3FJdacnZNE9Dl/afIrcNf6xAm0WsU9
|
25
|
-
kbMiRwwvjO4TAiygDQzbrRC8ZfmT3hpBa3aTUzAccrvEQcgarLk4r7UjXP7a2mCN3UIIh+snN2Ms
|
26
|
-
vXHL0r6fM3xbniz+5lleWtPFw73yySBc8znkWZ4Tn8Lh0r6o5nCRYbr2REUB7ZIfiIyBbZxIp4kv
|
27
|
-
a+habbnQDFiNVzEd8OPXHh4EqLxOPDRW
|
28
|
-
-----END CERTIFICATE-----
|
29
|
-
CERT
|
30
|
-
end
|
31
|
-
|
32
|
-
factory :okta_saml_provider, parent: :saml_provider, class: Osso::Models::OktaSamlProvider do
|
33
|
-
provider { 'Osso::Models::OktaSamlProvider' }
|
34
|
-
idp_sso_target_url do
|
35
|
-
'https://dev-162024.okta.com/app/vcardmedev162024_rubydemo2_1/exk51326b3U1941Hf4x6/sso/saml'
|
36
|
-
end
|
37
|
-
end
|
38
|
-
|
39
|
-
factory :azure_saml_provider, parent: :saml_provider, class: Osso::Models::AzureSamlProvider do
|
40
|
-
provider { 'Osso::Models::AzureSamlProvider' }
|
41
|
-
idp_sso_target_url do
|
42
|
-
'https://login.microsoftonline.com/0af6c610-c40c-4683-9ea4-f25e509b8172/saml2'
|
43
|
-
end
|
44
|
-
end
|
45
|
-
end
|
46
|
-
end
|
@@ -1,31 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require 'spec_helper'
|
4
|
-
|
5
|
-
describe Osso::Models::SamlProvider do
|
6
|
-
subject { create(:okta_saml_provider) }
|
7
|
-
|
8
|
-
describe '.create' do
|
9
|
-
it 'creates an enterprise account' do
|
10
|
-
domain = Faker::Internet.domain_name
|
11
|
-
|
12
|
-
provider = described_class.create(
|
13
|
-
domain: domain,
|
14
|
-
provider: 'Osso::Models::OktaSamlProvider',
|
15
|
-
)
|
16
|
-
|
17
|
-
expect(provider.enterprise_account).to be_a(Osso::Models::EnterpriseAccount)
|
18
|
-
expect(provider.enterprise_account.domain).to eq(domain)
|
19
|
-
end
|
20
|
-
end
|
21
|
-
|
22
|
-
describe '#assertion_consumer_service_url' do
|
23
|
-
it 'returns the expected URI' do
|
24
|
-
ENV['BASE_URL'] = 'https://example.com'
|
25
|
-
|
26
|
-
expect(subject.assertion_consumer_service_url).to eq(
|
27
|
-
"https://example.com/auth/saml/#{subject.id}/callback",
|
28
|
-
)
|
29
|
-
end
|
30
|
-
end
|
31
|
-
end
|