osso 0.0.3.5 → 0.0.3.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (64) hide show
  1. checksums.yaml +4 -4
  2. data/.buildkite/pipeline.yml +4 -1
  3. data/Gemfile.lock +1 -1
  4. data/config/database.yml +2 -2
  5. data/db/schema.rb +133 -1
  6. data/lib/osso/db/migrate/20200328143305_create_identity_providers.rb +12 -0
  7. data/lib/osso/db/migrate/20200411184535_add_provider_id_to_users.rb +2 -2
  8. data/lib/osso/db/migrate/20200411192645_create_enterprise_accounts.rb +1 -1
  9. data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_accounts_and_identity_providers.rb +6 -0
  10. data/lib/osso/db/migrate/20200714223226_add_identity_provider_service_enum.rb +17 -0
  11. data/lib/osso/db/migrate/20200715154211_rename_idp_fields_on_identity_provider_to_sso.rb +6 -0
  12. data/lib/osso/db/migrate/20200715205801_add_name_to_enterprise_account.rb +5 -0
  13. data/lib/osso/graphql/mutation.rb +2 -1
  14. data/lib/osso/graphql/mutations.rb +2 -1
  15. data/lib/osso/graphql/mutations/base_mutation.rb +18 -7
  16. data/lib/osso/graphql/mutations/configure_identity_provider.rb +10 -13
  17. data/lib/osso/graphql/mutations/create_enterprise_account.rb +25 -0
  18. data/lib/osso/graphql/mutations/create_identity_provider.rb +9 -7
  19. data/lib/osso/graphql/mutations/{set_saml_provider.rb → set_identity_provider.rb} +4 -4
  20. data/lib/osso/graphql/query.rb +2 -2
  21. data/lib/osso/graphql/resolvers/oauth_clients.rb +1 -1
  22. data/lib/osso/graphql/schema.rb +1 -1
  23. data/lib/osso/graphql/types.rb +1 -0
  24. data/lib/osso/graphql/types/base_input_object.rb +10 -0
  25. data/lib/osso/graphql/types/enterprise_account.rb +1 -5
  26. data/lib/osso/graphql/types/identity_provider.rb +1 -13
  27. data/lib/osso/lib/app_config.rb +1 -1
  28. data/lib/osso/models/enterprise_account.rb +4 -4
  29. data/lib/osso/models/identity_provider.rb +48 -0
  30. data/lib/osso/models/models.rb +1 -1
  31. data/lib/osso/models/oauth_client.rb +1 -1
  32. data/lib/osso/models/saml_provider.rb +13 -16
  33. data/lib/osso/models/saml_providers/azure_saml_provider.rb +1 -1
  34. data/lib/osso/models/saml_providers/okta_saml_provider.rb +1 -1
  35. data/lib/osso/models/user.rb +3 -3
  36. data/lib/osso/routes/auth.rb +4 -4
  37. data/lib/osso/routes/oauth.rb +1 -1
  38. data/lib/osso/version.rb +1 -1
  39. data/spec/factories/enterprise_account.rb +5 -4
  40. data/spec/factories/identity_providers.rb +49 -0
  41. data/spec/factories/user.rb +1 -1
  42. data/spec/graphql/mutations/configure_identity_provider_spec.rb +65 -0
  43. data/spec/graphql/mutations/create_enterprise_account_spec.rb +68 -0
  44. data/spec/graphql/mutations/create_identity_provider_spec.rb +104 -0
  45. data/spec/graphql/query/enterprise_account_spec.rb +68 -0
  46. data/spec/graphql/query/enterprise_accounts_spec.rb +44 -0
  47. data/spec/graphql/query/identity_provider_spec.rb +62 -0
  48. data/spec/graphql/query/oauth_clients_account_spec.rb +48 -0
  49. data/spec/models/azure_saml_provider_spec.rb +14 -14
  50. data/spec/models/identity_provider_spec.rb +17 -0
  51. data/spec/models/okta_saml_provider_spec.rb +15 -15
  52. data/spec/routes/auth_spec.rb +9 -9
  53. data/spec/routes/oauth_spec.rb +1 -1
  54. data/spec/spec_helper.rb +1 -0
  55. metadata +20 -12
  56. data/lib/osso/db/migrate/20200411144528_create_saml_providers.rb +0 -13
  57. data/lib/osso/db/migrate/20200413153029_add_oauth_client_reference_to_saml_providers.rb +0 -5
  58. data/lib/osso/db/migrate/20200501203026_drop_null_constraints_from_saml_provider.rb +0 -7
  59. data/lib/osso/db/migrate/20200501204047_drop_acs_url.rb +0 -5
  60. data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_account.rb +0 -5
  61. data/lib/osso/db/migrate/20200601131227_drop_null_constraint_from_saml_providers_provider.rb +0 -7
  62. data/lib/osso/db/schema.rb +0 -132
  63. data/spec/factories/saml_providers.rb +0 -46
  64. data/spec/models/saml_provider_spec.rb +0 -31
data/spec/graphql/mutations/create_enterprise_account_spec.rb ADDED
@@ -0,0 +1,68 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'spec_helper'
4
+
5
+ describe Osso::GraphQL::Schema do
6
+ describe 'CreateIdentityProvider' do
7
+ let(:domain) { Faker::Internet.domain_name }
8
+ let(:variables) do
9
+ {
10
+ input: {
11
+ name: Faker::Company.name,
12
+ domain: domain,
13
+ },
14
+ }
15
+ end
16
+
17
+ let(:mutation) do
18
+ <<~GRAPHQL
19
+ mutation CreateEnterpriseAccount($input: CreateEnterpriseAccountInput!) {
20
+ createEnterpriseAccount(input: $input) {
21
+ enterpriseAccount {
22
+ id
23
+ domain
24
+ name
25
+ status
26
+ }
27
+ }
28
+ }
29
+ GRAPHQL
30
+ end
31
+
32
+ subject do
33
+ described_class.execute(
34
+ mutation,
35
+ variables: variables,
36
+ context: { scope: current_scope },
37
+ )
38
+ end
39
+
40
+ describe 'for an admin user' do
41
+ let(:current_scope) { :admin }
42
+ it 'creates an Enterprise Account' do
43
+ expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(1)
44
+ expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount', 'domain')).
45
+ to eq(domain)
46
+ end
47
+ end
48
+
49
+ describe 'for an email scoped user' do
50
+ let(:current_scope) { domain }
51
+
52
+ it 'creates an Enterprise Account' do
53
+ expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(1)
54
+ expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount', 'domain')).
55
+ to eq(domain)
56
+ end
57
+ end
58
+ describe 'for the wrong email scoped user' do
59
+ let(:current_scope) { 'foo.com' }
60
+
61
+ it 'does not create an Enterprise Account' do
62
+ expect { subject }.to_not(change { Osso::Models::EnterpriseAccount.count })
63
+ expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount', 'domain')).
64
+ to be_nil
65
+ end
66
+ end
67
+ end
68
+ end
data/spec/graphql/mutations/create_identity_provider_spec.rb ADDED
@@ -0,0 +1,104 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'spec_helper'
4
+
5
+ describe Osso::GraphQL::Schema do
6
+ describe 'CreateIdentityProvider' do
7
+ let(:enterprise_account) { create(:enterprise_account) }
8
+ let(:mutation) do
9
+ <<~GRAPHQL
10
+ mutation CreateIdentityProvider($input: CreateIdentityProviderInput!) {
11
+ createIdentityProvider(input: $input) {
12
+ identityProvider {
13
+ id
14
+ domain
15
+ enterpriseAccountId
16
+ service
17
+ acsUrl
18
+ }
19
+ }
20
+ }
21
+ GRAPHQL
22
+ end
23
+
24
+ subject do
25
+ described_class.execute(
26
+ mutation,
27
+ variables: variables,
28
+ context: { scope: current_scope },
29
+ )
30
+ end
31
+
32
+ describe 'for an admin user' do
33
+ let(:current_scope) { :admin }
34
+ describe 'without a service' do
35
+ let(:variables) { { input: { enterpriseAccountId: enterprise_account.id } } }
36
+
37
+ it 'creates an identity provider' do
38
+ expect { subject }.to change { enterprise_account.identity_providers.count }.by(1)
39
+ expect(subject.dig('data', 'createIdentityProvider', 'identityProvider', 'domain')).
40
+ to eq(enterprise_account.domain)
41
+ end
42
+ end
43
+
44
+ describe 'with a service' do
45
+ let(:variables) { { input: { enterpriseAccountId: enterprise_account.id, service: 'OKTA' } } }
46
+
47
+ it 'creates an identity provider for given service ' do
48
+ expect { subject }.to change { enterprise_account.identity_providers.count }.by(1)
49
+ expect(subject.dig('data', 'createIdentityProvider', 'identityProvider', 'service')).
50
+ to eq('OKTA')
51
+ end
52
+ end
53
+ end
54
+
55
+ describe 'for an email scoped user' do
56
+ let(:domain) { Faker::Internet.domain_name }
57
+ let(:current_scope) { domain }
58
+ let(:enterprise_account) { create(:enterprise_account, domain: domain) }
59
+
60
+ describe 'without a service' do
61
+ let(:variables) { { input: { enterpriseAccountId: enterprise_account.id } } }
62
+
63
+ it 'creates an identity provider' do
64
+ expect { subject }.to change { enterprise_account.identity_providers.count }.by(1)
65
+ expect(subject.dig('data', 'createIdentityProvider', 'identityProvider', 'domain')).
66
+ to eq(domain)
67
+ end
68
+ end
69
+
70
+ describe 'with a service' do
71
+ let(:variables) { { input: { enterpriseAccountId: enterprise_account.id, service: 'OKTA' } } }
72
+
73
+ it 'creates an identity provider for given service ' do
74
+ expect { subject }.to change { enterprise_account.identity_providers.count }.by(1)
75
+ expect(subject.dig('data', 'createIdentityProvider', 'identityProvider', 'service')).
76
+ to eq('OKTA')
77
+ end
78
+ end
79
+ end
80
+
81
+ describe 'for a wrong email scoped user' do
82
+ let(:domain) { Faker::Internet.domain_name }
83
+ let(:current_scope) { domain }
84
+ let(:enterprise_account) { create(:enterprise_account, domain: domain) }
85
+ let(:target_account) { create(:enterprise_account) }
86
+
87
+ describe 'without a service' do
88
+ let(:variables) { { input: { enterpriseAccountId: target_account.id } } }
89
+
90
+ it 'does not creates a identity provider' do
91
+ expect { subject }.to_not(change { Osso::Models::IdentityProvider.count })
92
+ end
93
+ end
94
+
95
+ describe 'with a service' do
96
+ let(:variables) { { input: { enterpriseAccountId: target_account.id, service: 'OKTA' } } }
97
+
98
+ it 'does not creates a identity provider' do
99
+ expect { subject }.to_not(change { Osso::Models::IdentityProvider.count })
100
+ end
101
+ end
102
+ end
103
+ end
104
+ end
data/spec/graphql/query/enterprise_account_spec.rb ADDED
@@ -0,0 +1,68 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'spec_helper'
4
+
5
+ describe Osso::GraphQL::Schema do
6
+ describe 'EnterpriseAccount' do
7
+ let(:domain) { Faker::Internet.domain_name }
8
+ let(:variables) { { domain: domain } }
9
+ let(:query) do
10
+ <<~GRAPHQL
11
+ query EnterpriseAccount($domain: String!) {
12
+ enterpriseAccount(domain: $domain) {
13
+ domain
14
+ id
15
+ identityProviders {
16
+ id
17
+ service
18
+ domain
19
+ acsUrl
20
+ ssoCert
21
+ ssoUrl
22
+ configured
23
+ }
24
+ name
25
+ status
26
+ }
27
+ }
28
+ GRAPHQL
29
+ end
30
+
31
+ before do
32
+ create(:enterprise_account)
33
+ create(:enterprise_account, domain: domain)
34
+ end
35
+
36
+ subject do
37
+ described_class.execute(
38
+ query,
39
+ variables: variables,
40
+ context: { scope: current_scope },
41
+ )
42
+ end
43
+
44
+ describe 'for an admin user' do
45
+ let(:current_scope) { :admin }
46
+ it 'returns Enterprise Account for domain' do
47
+ expect(subject['errors']).to be_nil
48
+ expect(subject.dig('data', 'enterpriseAccount', 'domain')).to eq(domain)
49
+ end
50
+ end
51
+
52
+ describe 'for an email scoped user' do
53
+ let(:current_scope) { domain }
54
+ it 'returns Enterprise Account for domain' do
55
+ expect(subject['errors']).to be_nil
56
+ expect(subject.dig('data', 'enterpriseAccount', 'domain')).to eq(domain)
57
+ end
58
+ end
59
+
60
+ describe 'for the wrong email scoped user' do
61
+ let(:current_scope) { 'bar.com' }
62
+ it 'returns Enterprise Account for domain' do
63
+ expect(subject['errors']).to be_nil
64
+ expect(subject.dig('data', 'enterpriseAccount')).to be_nil
65
+ end
66
+ end
67
+ end
68
+ end
data/spec/graphql/query/enterprise_accounts_spec.rb ADDED
@@ -0,0 +1,44 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'spec_helper'
4
+
5
+ describe Osso::GraphQL::Schema do
6
+ describe 'EnterpriseAccounts' do
7
+ describe 'for an admin user' do
8
+ let(:current_scope) { :admin }
9
+
10
+ it 'returns Enterprise Accounts' do
11
+ create_list(:enterprise_account, 2)
12
+
13
+ query = <<~GRAPHQL
14
+ query EnterpriseAccounts {
15
+ enterpriseAccounts {
16
+ domain
17
+ id
18
+ identityProviders {
19
+ id
20
+ service
21
+ domain
22
+ acsUrl
23
+ ssoCert
24
+ ssoUrl
25
+ configured
26
+ }
27
+ name
28
+ status
29
+ }
30
+ }
31
+ GRAPHQL
32
+
33
+ response = described_class.execute(
34
+ query,
35
+ variables: nil,
36
+ context: { scope: current_scope },
37
+ )
38
+
39
+ expect(response['errors']).to be_nil
40
+ expect(response.dig('data', 'enterpriseAccounts').count).to eq(2)
41
+ end
42
+ end
43
+ end
44
+ end
data/spec/graphql/query/identity_provider_spec.rb ADDED
@@ -0,0 +1,62 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'spec_helper'
4
+
5
+ describe Osso::GraphQL::Schema do
6
+ describe 'Identity Provider' do
7
+ let(:id) { Faker::Internet.uuid }
8
+ let(:variables) { { id: id } }
9
+ let(:query) do
10
+ <<~GRAPHQL
11
+ query IdentityProvider($id: ID!) {
12
+ identityProvider(id: $id) {
13
+ id
14
+ service
15
+ domain
16
+ acsUrl
17
+ ssoCert
18
+ ssoUrl
19
+ configured
20
+ }
21
+ }
22
+ GRAPHQL
23
+ end
24
+
25
+ before do
26
+ create(:identity_provider)
27
+ create(:identity_provider, id: id)
28
+ end
29
+
30
+ subject do
31
+ described_class.execute(
32
+ query,
33
+ variables: variables,
34
+ context: { scope: current_scope },
35
+ )
36
+ end
37
+
38
+ describe 'for an admin user' do
39
+ let(:current_scope) { :admin }
40
+ it 'returns Identity Provider for id' do
41
+ expect(subject['errors']).to be_nil
42
+ expect(subject.dig('data', 'identityProvider', 'id')).to eq(id)
43
+ end
44
+ end
45
+
46
+ xdescribe 'for an email scoped user' do
47
+ let(:current_scope) { domain }
48
+ it 'returns Enterprise Account for domain' do
49
+ expect(subject['errors']).to be_nil
50
+ expect(subject.dig('data', 'enterpriseAccount', 'domain')).to eq(domain)
51
+ end
52
+ end
53
+
54
+ xdescribe 'for the wrong email scoped user' do
55
+ let(:current_scope) { 'bar.com' }
56
+ it 'returns Enterprise Account for domain' do
57
+ expect(subject['errors']).to be_nil
58
+ expect(subject.dig('data', 'enterpriseAccount')).to be_nil
59
+ end
60
+ end
61
+ end
62
+ end
data/spec/graphql/query/oauth_clients_account_spec.rb ADDED
@@ -0,0 +1,48 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'spec_helper'
4
+
5
+ describe Osso::GraphQL::Schema do
6
+ describe 'OAuthClients' do
7
+ let(:query) do
8
+ <<~GRAPHQL
9
+ query OAuthClients {
10
+ oauthClients {
11
+ name
12
+ id
13
+ }
14
+ }
15
+ GRAPHQL
16
+ end
17
+
18
+ before do
19
+ create_list(:oauth_client, 2)
20
+ end
21
+
22
+ subject do
23
+ described_class.execute(
24
+ query,
25
+ variables: nil,
26
+ context: { scope: current_scope },
27
+ )
28
+ end
29
+
30
+ describe 'for an admin user' do
31
+ let(:current_scope) { :admin }
32
+
33
+ it 'returns Oauth Clients' do
34
+ expect(subject['errors']).to be_nil
35
+ expect(subject.dig('data', 'oauthClients').count).to eq(2)
36
+ end
37
+ end
38
+
39
+ describe 'for an email scoped user' do
40
+ let(:current_scope) { 'foo.com' }
41
+
42
+ it 'returns Oauth Clients' do
43
+ expect(subject['errors']).to be_nil
44
+ expect(subject.dig('data', 'oauthClients')).to be_nil
45
+ end
46
+ end
47
+ end
48
+ end
data/spec/models/azure_saml_provider_spec.rb CHANGED
@@ -2,18 +2,18 @@
2
2
 
3
3
  require 'spec_helper'
4
4
 
5
- describe Osso::Models::AzureSamlProvider do
6
- subject { create(:azure_saml_provider) }
5
+ # describe Osso::Models::AzureSamlProvider do
6
+ # subject { create(:azure_identity_provider) }
7
7
 
8
- describe '#saml_options' do
9
- it 'returns the required args' do
10
- expect(subject.saml_options).
11
- to match(
12
- domain: subject.domain,
13
- idp_cert: subject.idp_cert,
14
- idp_sso_target_url: subject.idp_sso_target_url,
15
- issuer: "id:#{subject.id}",
16
- )
17
- end
18
- end
19
- end
8
+ # describe '#saml_options' do
9
+ # it 'returns the required args' do
10
+ # expect(subject.saml_options).
11
+ # to match(
12
+ # domain: subject.domain,
13
+ # idp_cert: subject.idp_cert,
14
+ # idp_sso_target_url: subject.idp_sso_target_url,
15
+ # issuer: "id:#{subject.id}",
16
+ # )
17
+ # end
18
+ # end
19
+ # end
data/spec/models/identity_provider_spec.rb ADDED
@@ -0,0 +1,17 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'spec_helper'
4
+
5
+ describe Osso::Models::IdentityProvider do
6
+ subject { create(:okta_identity_provider) }
7
+
8
+ describe '#assertion_consumer_service_url' do
9
+ it 'returns the expected URI' do
10
+ ENV['BASE_URL'] = 'https://example.com'
11
+
12
+ expect(subject.assertion_consumer_service_url).to eq(
13
+ "https://example.com/auth/saml/#{subject.id}/callback",
14
+ )
15
+ end
16
+ end
17
+ end