osso 0.0.3.5 → 0.0.3.6

Files changed (64) hide show
  1. checksums.yaml +4 -4
  2. data/.buildkite/pipeline.yml +4 -1
  3. data/Gemfile.lock +1 -1
  4. data/config/database.yml +2 -2
  5. data/db/schema.rb +133 -1
  6. data/lib/osso/db/migrate/20200328143305_create_identity_providers.rb +12 -0
  7. data/lib/osso/db/migrate/20200411184535_add_provider_id_to_users.rb +2 -2
  8. data/lib/osso/db/migrate/20200411192645_create_enterprise_accounts.rb +1 -1
  9. data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_accounts_and_identity_providers.rb +6 -0
  10. data/lib/osso/db/migrate/20200714223226_add_identity_provider_service_enum.rb +17 -0
  11. data/lib/osso/db/migrate/20200715154211_rename_idp_fields_on_identity_provider_to_sso.rb +6 -0
  12. data/lib/osso/db/migrate/20200715205801_add_name_to_enterprise_account.rb +5 -0
  13. data/lib/osso/graphql/mutation.rb +2 -1
  14. data/lib/osso/graphql/mutations.rb +2 -1
  15. data/lib/osso/graphql/mutations/base_mutation.rb +18 -7
  16. data/lib/osso/graphql/mutations/configure_identity_provider.rb +10 -13
  17. data/lib/osso/graphql/mutations/create_enterprise_account.rb +25 -0
  18. data/lib/osso/graphql/mutations/create_identity_provider.rb +9 -7
  19. data/lib/osso/graphql/mutations/{set_saml_provider.rb → set_identity_provider.rb} +4 -4
  20. data/lib/osso/graphql/query.rb +2 -2
  21. data/lib/osso/graphql/resolvers/oauth_clients.rb +1 -1
  22. data/lib/osso/graphql/schema.rb +1 -1
  23. data/lib/osso/graphql/types.rb +1 -0
  24. data/lib/osso/graphql/types/base_input_object.rb +10 -0
  25. data/lib/osso/graphql/types/enterprise_account.rb +1 -5
  26. data/lib/osso/graphql/types/identity_provider.rb +1 -13
  27. data/lib/osso/lib/app_config.rb +1 -1
  28. data/lib/osso/models/enterprise_account.rb +4 -4
  29. data/lib/osso/models/identity_provider.rb +48 -0
  30. data/lib/osso/models/models.rb +1 -1
  31. data/lib/osso/models/oauth_client.rb +1 -1
  32. data/lib/osso/models/saml_provider.rb +13 -16
  33. data/lib/osso/models/saml_providers/azure_saml_provider.rb +1 -1
  34. data/lib/osso/models/saml_providers/okta_saml_provider.rb +1 -1
  35. data/lib/osso/models/user.rb +3 -3
  36. data/lib/osso/routes/auth.rb +4 -4
  37. data/lib/osso/routes/oauth.rb +1 -1
  38. data/lib/osso/version.rb +1 -1
  39. data/spec/factories/enterprise_account.rb +5 -4
  40. data/spec/factories/identity_providers.rb +49 -0
  41. data/spec/factories/user.rb +1 -1
  42. data/spec/graphql/mutations/configure_identity_provider_spec.rb +65 -0
  43. data/spec/graphql/mutations/create_enterprise_account_spec.rb +68 -0
  44. data/spec/graphql/mutations/create_identity_provider_spec.rb +104 -0
  45. data/spec/graphql/query/enterprise_account_spec.rb +68 -0
  46. data/spec/graphql/query/enterprise_accounts_spec.rb +44 -0
  47. data/spec/graphql/query/identity_provider_spec.rb +62 -0
  48. data/spec/graphql/query/oauth_clients_account_spec.rb +48 -0
  49. data/spec/models/azure_saml_provider_spec.rb +14 -14
  50. data/spec/models/identity_provider_spec.rb +17 -0
  51. data/spec/models/okta_saml_provider_spec.rb +15 -15
  52. data/spec/routes/auth_spec.rb +9 -9
  53. data/spec/routes/oauth_spec.rb +1 -1
  54. data/spec/spec_helper.rb +1 -0
  55. metadata +20 -12
  56. data/lib/osso/db/migrate/20200411144528_create_saml_providers.rb +0 -13
  57. data/lib/osso/db/migrate/20200413153029_add_oauth_client_reference_to_saml_providers.rb +0 -5
  58. data/lib/osso/db/migrate/20200501203026_drop_null_constraints_from_saml_provider.rb +0 -7
  59. data/lib/osso/db/migrate/20200501204047_drop_acs_url.rb +0 -5
  60. data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_account.rb +0 -5
  61. data/lib/osso/db/migrate/20200601131227_drop_null_constraint_from_saml_providers_provider.rb +0 -7
  62. data/lib/osso/db/schema.rb +0 -132
  63. data/spec/factories/saml_providers.rb +0 -46
  64. data/spec/models/saml_provider_spec.rb +0 -31
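--- a/data/spec/graphql/mutations/create_enterprise_account_spec.rb
+++ b/data/spec/graphql/mutations/create_enterprise_account_spec.rb
@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Osso::GraphQL::Schema do
+describe 'CreateIdentityProvider' do
+let(:domain) { Faker::Internet.domain_name }
+let(:variables) do
+{
+input: {
+name: Faker::Company.name,
+domain: domain,
+},
+}
+end
+
+let(:mutation) do
+<<~GRAPHQL
+mutation CreateEnterpriseAccount($input: CreateEnterpriseAccountInput!) {
+createEnterpriseAccount(input: $input) {
+enterpriseAccount {
+id
+domain
+name
+status
+}
+}
+}
+GRAPHQL
+end
+
+subject do
+described_class.execute(
+mutation,
+variables: variables,
+context: { scope: current_scope },
+)
+end
+
+describe 'for an admin user' do
+let(:current_scope) { :admin }
+it 'creates an Enterprise Account' do
+expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(1)
+expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount', 'domain')).
+to eq(domain)
+end
+end
+
+describe 'for an email scoped user' do
+let(:current_scope) { domain }
+
+it 'creates an Enterprise Account' do
+expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(1)
+expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount', 'domain')).
+to eq(domain)
+end
+end
+describe 'for the wrong email scoped user' do
+let(:current_scope) { 'foo.com' }
+
+it 'does not create an Enterprise Account' do
+expect { subject }.to_not(change { Osso::Models::EnterpriseAccount.count })
+expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount', 'domain')).
+to be_nil
+end
+end
+end
+end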
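Review bot: The outer describe on the second line of the file, `describe 'CreateIdentityProvider' do`, names the wrong mutation: the document under test is CreateEnterpriseAccount, so every failure in this file is reported under the other mutation's heading. Change it to `describe 'CreateEnterpriseAccount' do`. The 'for the wrong email scoped user' example is the one that pins the cross-domain denial, but it only checks that the returned domain is nil and the count is unchanged, which a malformed query or a validation failure would also satisfy; add an assertion on `subject['errors']` in whatever shape the base mutation uses to report a denied scope, so the example fails if the denial stops being the reason. A blank line before that describe would also match the spacing of its two siblings.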
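--- a/data/spec/graphql/mutations/create_identity_provider_spec.rb
+++ b/data/spec/graphql/mutations/create_identity_provider_spec.rb
@@ -0,0 +1,104 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Osso::GraphQL::Schema do
+describe 'CreateIdentityProvider' do
+let(:enterprise_account) { create(:enterprise_account) }
+let(:mutation) do
+<<~GRAPHQL
+mutation CreateIdentityProvider($input: CreateIdentityProviderInput!) {
+createIdentityProvider(input: $input) {
+identityProvider {
+id
+domain
+enterpriseAccountId
+service
+acsUrl
+}
+}
+}
+GRAPHQL
+end
+
+subject do
+described_class.execute(
+mutation,
+variables: variables,
+context: { scope: current_scope },
+)
+end
+
+describe 'for an admin user' do
+let(:current_scope) { :admin }
+describe 'without a service' do
+let(:variables) { { input: { enterpriseAccountId: enterprise_account.id } } }
+
+it 'creates an identity provider' do
+expect { subject }.to change { enterprise_account.identity_providers.count }.by(1)
+expect(subject.dig('data', 'createIdentityProvider', 'identityProvider', 'domain')).
+to eq(enterprise_account.domain)
+end
+end
+
+describe 'with a service' do
+let(:variables) { { input: { enterpriseAccountId: enterprise_account.id, service: 'OKTA' } } }
+
+it 'creates an identity provider for given service ' do
+expect { subject }.to change { enterprise_account.identity_providers.count }.by(1)
+expect(subject.dig('data', 'createIdentityProvider', 'identityProvider', 'service')).
+to eq('OKTA')
+end
+end
+end
+
+describe 'for an email scoped user' do
+let(:domain) { Faker::Internet.domain_name }
+let(:current_scope) { domain }
+let(:enterprise_account) { create(:enterprise_account, domain: domain) }
+
+describe 'without a service' do
+let(:variables) { { input: { enterpriseAccountId: enterprise_account.id } } }
+
+it 'creates an identity provider' do
+expect { subject }.to change { enterprise_account.identity_providers.count }.by(1)
+expect(subject.dig('data', 'createIdentityProvider', 'identityProvider', 'domain')).
+to eq(domain)
+end
+end
+
+describe 'with a service' do
+let(:variables) { { input: { enterpriseAccountId: enterprise_account.id, service: 'OKTA' } } }
+
+it 'creates an identity provider for given service ' do
+expect { subject }.to change { enterprise_account.identity_providers.count }.by(1)
+expect(subject.dig('data', 'createIdentityProvider', 'identityProvider', 'service')).
+to eq('OKTA')
+end
+end
+end
+
+describe 'for a wrong email scoped user' do
+let(:domain) { Faker::Internet.domain_name }
+let(:current_scope) { domain }
+let(:enterprise_account) { create(:enterprise_account, domain: domain) }
+let(:target_account) { create(:enterprise_account) }
+
+describe 'without a service' do
+let(:variables) { { input: { enterpriseAccountId: target_account.id } } }
+
+it 'does not creates a identity provider' do
+expect { subject }.to_not(change { Osso::Models::IdentityProvider.count })
+end
+end
+
+describe 'with a service' do
+let(:variables) { { input: { enterpriseAccountId: target_account.id, service: 'OKTA' } } }
+
+it 'does not creates a identity provider' do
+expect { subject }.to_not(change { Osso::Models::IdentityProvider.count })
+end
+end
+end
+end
+end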
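Review bot: The two examples under 'for a wrong email scoped user' assert only that `Osso::Models::IdentityProvider.count` is unchanged, so they cannot distinguish the authorization rejection they exist to pin (an email-scoped user supplying another account's `enterpriseAccountId`) from any other failure of the mutation, such as a bad variable name or a validation error. Also assert on the response, mirroring the enterprise account spec: `expect(subject.dig('data', 'createIdentityProvider', 'identityProvider')).to be_nil`, plus whatever `errors` entry the base mutation emits for a denied scope. Two smaller points in the example names: `'does not creates a identity provider'` should read `'does not create an identity provider'`, and `'creates an identity provider for given service '` carries a trailing space.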
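--- a/data/spec/graphql/query/enterprise_account_spec.rb
+++ b/data/spec/graphql/query/enterprise_account_spec.rb
@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Osso::GraphQL::Schema do
+describe 'EnterpriseAccount' do
+let(:domain) { Faker::Internet.domain_name }
+let(:variables) { { domain: domain } }
+let(:query) do
+<<~GRAPHQL
+query EnterpriseAccount($domain: String!) {
+enterpriseAccount(domain: $domain) {
+domain
+id
+identityProviders {
+id
+service
+domain
+acsUrl
+ssoCert
+ssoUrl
+configured
+}
+name
+status
+}
+}
+GRAPHQL
+end
+
+before do
+create(:enterprise_account)
+create(:enterprise_account, domain: domain)
+end
+
+subject do
+described_class.execute(
+query,
+variables: variables,
+context: { scope: current_scope },
+)
+end
+
+describe 'for an admin user' do
+let(:current_scope) { :admin }
+it 'returns Enterprise Account for domain' do
+expect(subject['errors']).to be_nil
+expect(subject.dig('data', 'enterpriseAccount', 'domain')).to eq(domain)
+end
+end
+
+describe 'for an email scoped user' do
+let(:current_scope) { domain }
+it 'returns Enterprise Account for domain' do
+expect(subject['errors']).to be_nil
+expect(subject.dig('data', 'enterpriseAccount', 'domain')).to eq(domain)
+end
+end
+
+describe 'for the wrong email scoped user' do
+let(:current_scope) { 'bar.com' }
+it 'returns Enterprise Account for domain' do
+expect(subject['errors']).to be_nil
+expect(subject.dig('data', 'enterpriseAccount')).to be_nil
+end
+end
+end
+end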
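Review bot: The example inside 'for the wrong email scoped user' is titled 'returns Enterprise Account for domain' but asserts the opposite, that `enterpriseAccount` is nil, so a regression in the cross-domain check would surface as a failing "returns" example and read as the wrong problem. Rename it `it 'does not return an Enterprise Account for another domain' do`. The same example also pins `subject['errors']` as nil, which documents that a lookup outside the caller's domain resolves to nothing rather than raising a GraphQL error; if that is the intended contract, a one-line comment above the assertion such as `# cross-domain lookups resolve to nil, not to an error` would stop a later reader from "fixing" it.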
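--- a/data/spec/graphql/query/enterprise_accounts_spec.rb
+++ b/data/spec/graphql/query/enterprise_accounts_spec.rb
@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Osso::GraphQL::Schema do
+describe 'EnterpriseAccounts' do
+describe 'for an admin user' do
+let(:current_scope) { :admin }
+
+it 'returns Enterprise Accounts' do
+create_list(:enterprise_account, 2)
+
+query = <<~GRAPHQL
+query EnterpriseAccounts {
+enterpriseAccounts {
+domain
+id
+identityProviders {
+id
+service
+domain
+acsUrl
+ssoCert
+ssoUrl
+configured
+}
+name
+status
+}
+}
+GRAPHQL
+
+response = described_class.execute(
+query,
+variables: nil,
+context: { scope: current_scope },
+)
+
+expect(response['errors']).to be_nil
+expect(response.dig('data', 'enterpriseAccounts').count).to eq(2)
+end
+end
+end
+end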
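Review bot: This spec covers only the `:admin` scope, so nothing pins that a non-admin (email-scoped) caller cannot list every enterprise account, even though `identityProviders { ssoCert ssoUrl … }` is selected and every other query spec in this commit has a wrong-scope example. Add a 'for an email scoped user' block alongside the admin one; the nil expectation below mirrors the oauthClients spec, so if the resolver is instead meant to return just the caller's own account, assert that shape instead. Hoisting the query heredoc and the execute call into `let(:query)` and `subject`, as the sibling specs do, would let both blocks share them.
```ruby
describe 'for an email scoped user' do
  let(:current_scope) { 'foo.com' }

  it 'does not return Enterprise Accounts' do
    create_list(:enterprise_account, 2)
    # … unchanged: the same query heredoc and described_class.execute call as the admin example …
    expect(response['errors']).to be_nil
    expect(response.dig('data', 'enterpriseAccounts')).to be_nil
  end
end
```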
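--- a/data/spec/graphql/query/identity_provider_spec.rb
+++ b/data/spec/graphql/query/identity_provider_spec.rb
@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Osso::GraphQL::Schema do
+describe 'Identity Provider' do
+let(:id) { Faker::Internet.uuid }
+let(:variables) { { id: id } }
+let(:query) do
+<<~GRAPHQL
+query IdentityProvider($id: ID!) {
+identityProvider(id: $id) {
+id
+service
+domain
+acsUrl
+ssoCert
+ssoUrl
+configured
+}
+}
+GRAPHQL
+end
+
+before do
+create(:identity_provider)
+create(:identity_provider, id: id)
+end
+
+subject do
+described_class.execute(
+query,
+variables: variables,
+context: { scope: current_scope },
+)
+end
+
+describe 'for an admin user' do
+let(:current_scope) { :admin }
+it 'returns Identity Provider for id' do
+expect(subject['errors']).to be_nil
+expect(subject.dig('data', 'identityProvider', 'id')).to eq(id)
+end
+end
+
+xdescribe 'for an email scoped user' do
+let(:current_scope) { domain }
+it 'returns Enterprise Account for domain' do
+expect(subject['errors']).to be_nil
+expect(subject.dig('data', 'enterpriseAccount', 'domain')).to eq(domain)
+end
+end
+
+xdescribe 'for the wrong email scoped user' do
+let(:current_scope) { 'bar.com' }
+it 'returns Enterprise Account for domain' do
+expect(subject['errors']).to be_nil
+expect(subject.dig('data', 'enterpriseAccount')).to be_nil
+end
+end
+end
+end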
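Review bot: The two `xdescribe` blocks were copied from the enterprise account spec and would not run even once re-enabled: `let(:current_scope) { domain }` refers to a `domain` this file never defines, and both examples assert on `enterpriseAccount`, which this query does not select. As committed, the only executed coverage is the admin scope, so nothing pins whether an email-scoped caller can fetch another domain's identity provider (including its `ssoCert` and `ssoUrl`) by guessing or reusing an id, which is the lookup that most needs a negative example. Replace the pending blocks with examples that define `domain`, create one provider under that domain and one under another, and assert that `subject.dig('data', 'identityProvider')` is present for the first id and nil — or whatever denial shape the resolver uses — for the second.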
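--- a/data/spec/graphql/query/oauth_clients_account_spec.rb
+++ b/data/spec/graphql/query/oauth_clients_account_spec.rb
@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Osso::GraphQL::Schema do
+describe 'OAuthClients' do
+let(:query) do
+<<~GRAPHQL
+query OAuthClients {
+oauthClients {
+name
+id
+}
+}
+GRAPHQL
+end
+
+before do
+create_list(:oauth_client, 2)
+end
+
+subject do
+described_class.execute(
+query,
+variables: nil,
+context: { scope: current_scope },
+)
+end
+
+describe 'for an admin user' do
+let(:current_scope) { :admin }
+
+it 'returns Oauth Clients' do
+expect(subject['errors']).to be_nil
+expect(subject.dig('data', 'oauthClients').count).to eq(2)
+end
+end
+
+describe 'for an email scoped user' do
+let(:current_scope) { 'foo.com' }
+
+it 'returns Oauth Clients' do
+expect(subject['errors']).to be_nil
+expect(subject.dig('data', 'oauthClients')).to be_nil
+end
+end
+end
+end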
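Review bot: The example under 'for an email scoped user' is titled 'returns Oauth Clients' but asserts that `oauthClients` is nil, so the one example that pins non-admin scopes being refused the client list carries a name that says the opposite. Rename it `it 'does not return Oauth Clients' do`. With the current name, a regression that started exposing OAuth client ids to email-scoped callers would show up as a failing "returns Oauth Clients" example and be easy to misread as a broken happy path.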
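--- a/data/spec/models/azure_saml_provider_spec.rb
+++ b/data/spec/models/azure_saml_provider_spec.rb
@@ -2,18 +2,18 @@
 
 require 'spec_helper'
 
-describe Osso::Models::AzureSamlProvider do
-subject { create(:azure_saml_provider) }
+# describe Osso::Models::AzureSamlProvider do
+# subject { create(:azure_identity_provider) }
 
-describe '#saml_options' do
-it 'returns the required args' do
-expect(subject.saml_options).
-to match(
-domain: subject.domain,
-idp_cert: subject.idp_cert,
-idp_sso_target_url: subject.idp_sso_target_url,
-issuer: "id:#{subject.id}",
-)
-end
-end
-end
+# describe '#saml_options' do
+# it 'returns the required args' do
+# expect(subject.saml_options).
+# to match(
+# domain: subject.domain,
+# idp_cert: subject.idp_cert,
+# idp_sso_target_url: subject.idp_sso_target_url,
+# issuer: "id:#{subject.id}",
+# )
+# end
+# end
+# end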
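Review bot: The entire spec is commented out rather than ported or deleted, which leaves `#saml_options` on the Azure provider with no coverage while `azure_saml_provider.rb` itself is still changed in this release. Those options are where `idp_cert`, `idp_sso_target_url` and the `issuer` handed to the SAML handshake are assembled, so a field that stops being populated after the idp→sso rename (migration 20200715154211 in the diffstat) would now go unnoticed. Either restore the examples against the renamed factory — the commented subject line already points at `create(:azure_identity_provider)` — and the renamed attributes, or remove the file; the okta spec in the diffstat (+15 -15) looks like the same treatment and should be handled the same way.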
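--- a/data/spec/models/identity_provider_spec.rb
+++ b/data/spec/models/identity_provider_spec.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Osso::Models::IdentityProvider do
+subject { create(:okta_identity_provider) }
+
+describe '#assertion_consumer_service_url' do
+it 'returns the expected URI' do
+ENV['BASE_URL'] = 'https://example.com'
+
+expect(subject.assertion_consumer_service_url).to eq(
+"https://example.com/auth/saml/#{subject.id}/callback",
+)
+end
+end
+end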
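Review bot: `ENV['BASE_URL'] = 'https://example.com'` inside the example is never restored, so the value leaks into every example that runs afterwards in the same process; because `BASE_URL` decides where the SAML callback (`/auth/saml/<id>/callback`) points, a later spec that depends on the real or absent value would pass or fail depending on ordering. Set it in an `around` hook that puts the previous value back, as below; assigning nil back to `ENV` removes the key, so the "was unset" case is covered too.
```ruby
describe '#assertion_consumer_service_url' do
  around do |example|
    previous = ENV['BASE_URL']
    ENV['BASE_URL'] = 'https://example.com'
    begin
      example.run
    ensure
      ENV['BASE_URL'] = previous
    end
  end

  # … unchanged: the 'returns the expected URI' example, minus its ENV assignment …
end
```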