osso 0.0.3.6 → 0.0.3.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f2d208f60074e354a988dd4f6d1e07409a8c5b9809371f2ab86e952c1cf52cb2
-  data.tar.gz: a113355db7bb066f7f87fea0bf8313bc7f60d628380abb8f334fc5de8e7e2d29
+  metadata.gz: ffe9bf4e6f4de963af60c998d318a471e1ff3e33ef5a6c544c8923de762020bc
+  data.tar.gz: a994f84634c584268e517688ec62b61315da4fa1ab2ea05787305b34deb964f5
 SHA512:
-  metadata.gz: fec8ba8811aa056a367f975f206309cf74148a2bb551f8b37073a5c084a8fdeb86433dcd55862e24fe1199ba0b9ac8f3d166fce74ab7ea61ac5faa0690426baf
-  data.tar.gz: 20f63616bfc1619d503357be6cbabc114bd9a9402fdd7cdf3e0caa5415fb19dd4cf22a56dcdc6aa83c0b323cd77f4da529659e1455e3c277f4d4180d97e290d5
+  metadata.gz: 6c4e301385bb83a8ca5f7d66e4a3b3383c7ea3f58f395dc83e1cbadadb2a6896e1852ed787ae9a33a37a2871c3d5c28e5f33e072b7980ad904f958e95b4addb8
+  data.tar.gz: 8529f13cc30d05946b7fa798b117483dd20b9415d27b6caccecfff228a666b73bfd1f36ceb7e19d7977803159a56aff0eca9075cb380fe7fde3ce560a1847217

data/.buildkite/pipeline.yml

@@ -1,6 +1,8 @@
 steps:
   - name: ":rspec:"
     commands: 
-        - "bundle install"
-        - "bundle exec rake db:test:prepare"
-        - "bundle exec rspec"
+      - bundle install
+      - bundle exec rake db:drop
+      - bundle exec rake db:create
+      - RACK_ENV=test bundle exec rake db:migrate
+      - bundle exec rspec

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    osso (0.0.3.6)
+    osso (0.0.3.11)
       activesupport (>= 6.0.3.2)
       graphql
       jwt
@@ -32,6 +32,9 @@ GEM
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
     aes_key_wrap (1.0.1)
+    annotate (3.1.1)
+      activerecord (>= 3.2, < 7.0)
+      rake (>= 10.4, < 14.0)
     ast (2.4.1)
     attr_required (1.0.1)
     backports (3.18.1)
@@ -160,6 +163,7 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  annotate (~> 3.1)
   bundler (~> 2.1)
   database_cleaner-active_record
   factory_bot

data/bin/annotate

@@ -0,0 +1 @@
+annotate --require osso.rb  --models --model-dir ./lib/osso/models/ --position bottom -k -i

data/db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2020_07_15_205801) do
+ActiveRecord::Schema.define(version: 2020_07_23_162228) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "pgcrypto"
@@ -47,64 +47,21 @@ ActiveRecord::Schema.define(version: 2020_07_15_205801) do
     t.string "external_id"
     t.uuid "oauth_client_id"
     t.string "name", null: false
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
     t.index ["domain"], name: "index_enterprise_accounts_on_domain", unique: true
     t.index ["oauth_client_id"], name: "index_enterprise_accounts_on_oauth_client_id"
   end
 
-  create_table "identity_providers", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
-    t.string "service"
-    t.string "domain", null: false
-    t.string "sso_url"
-    t.text "sso_cert"
-    t.uuid "enterprise_account_id"
-    t.uuid "oauth_client_id"
-    t.index ["domain"], name: "index_identity_providers_on_domain"
-    t.index ["enterprise_account_id"], name: "index_identity_providers_on_enterprise_account_id"
-    t.index ["oauth_client_id"], name: "index_identity_providers_on_oauth_client_id"
-  end
-
-  create_table "oauth_access_grants", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
-    t.uuid "resource_owner_id", null: false
-    t.uuid "application_id", null: false
-    t.string "token", null: false
-    t.integer "expires_in", null: false
-    t.text "redirect_uri", null: false
-    t.datetime "created_at", null: false
-    t.datetime "revoked_at"
-    t.string "scopes", default: "", null: false
-    t.index ["application_id"], name: "index_oauth_access_grants_on_application_id"
-    t.index ["token"], name: "index_oauth_access_grants_on_token", unique: true
-  end
-
-  create_table "oauth_access_tokens", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
-    t.uuid "resource_owner_id"
-    t.uuid "application_id"
-    t.string "token", null: false
-    t.string "refresh_token"
-    t.integer "expires_in"
-    t.datetime "revoked_at"
-    t.datetime "created_at", null: false
-    t.string "scopes"
-    t.string "previous_refresh_token", default: "", null: false
-    t.index ["application_id"], name: "index_oauth_access_tokens_on_application_id"
-    t.index ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true
-    t.index ["token"], name: "index_oauth_access_tokens_on_token", unique: true
-  end
-
-  create_table "oauth_applications", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
-    t.string "name", null: false
-    t.string "secret", null: false
-    t.text "redirect_uri", null: false
-    t.string "scopes", default: "", null: false
-    t.boolean "confidential", default: true, null: false
-    t.datetime "created_at", precision: 6, null: false
-    t.datetime "updated_at", precision: 6, null: false
-  end
+# Could not dump table "identity_providers" because of following StandardError
+#   Unknown type 'identity_provider_status' for column 'status'
 
   create_table "oauth_clients", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
     t.string "name", null: false
     t.string "secret", null: false
     t.string "identifier", null: false
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
     t.index ["identifier"], name: "index_oauth_clients_on_identifier", unique: true
   end
 
@@ -112,6 +69,8 @@ ActiveRecord::Schema.define(version: 2020_07_15_205801) do
     t.string "uri", null: false
     t.boolean "primary", default: false, null: false
     t.uuid "oauth_client_id"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
     t.index ["oauth_client_id"], name: "index_redirect_uris_on_oauth_client_id"
     t.index ["uri", "primary"], name: "index_redirect_uris_on_uri_and_primary", unique: true
   end
@@ -121,13 +80,11 @@ ActiveRecord::Schema.define(version: 2020_07_15_205801) do
     t.string "idp_id", null: false
     t.uuid "identity_provider_id"
     t.uuid "enterprise_account_id"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
     t.index ["email", "idp_id"], name: "index_users_on_email_and_idp_id", unique: true
     t.index ["enterprise_account_id"], name: "index_users_on_enterprise_account_id"
   end
 
-  add_foreign_key "oauth_access_grants", "oauth_applications", column: "application_id"
-  add_foreign_key "oauth_access_grants", "users", column: "resource_owner_id"
-  add_foreign_key "oauth_access_tokens", "oauth_applications", column: "application_id"
-  add_foreign_key "oauth_access_tokens", "users", column: "resource_owner_id"
   add_foreign_key "users", "identity_providers"
 end

data/lib/osso/db/migrate/20200714223226_add_identity_provider_service_enum.rb

@@ -4,7 +4,7 @@ class AddIdentityProviderServiceEnum < ActiveRecord::Migration[6.0]
       execute <<-SQL
         CREATE TYPE identity_provider_service AS ENUM ('OKTA', 'AZURE');
       SQL
-      chnage_column :identity_providers, :service, :identity_provider_service
+      change_column :identity_providers, :service, :identity_provider_service
     end
   
     def down

data/lib/osso/db/migrate/20200722230116_add_identity_provider_status_enum_and_use_on_identity_providers.rb

@@ -0,0 +1,15 @@
+class AddIdentityProviderStatusEnumAndUseOnIdentityProviders < ActiveRecord::Migration[6.0]
+  def up
+    execute <<~SQL
+      CREATE TYPE identity_provider_status AS ENUM ('PENDING', 'CONFIGURED', 'ACTIVE', 'ERROR');
+    SQL
+    add_column :identity_providers, :status, :identity_provider_status, default: 'PENDING'
+  end
+
+  def down
+    remove_column :identity_providers, :status
+    execute <<~SQL
+      DROP TYPE identity_provider_status;
+    SQL
+  end
+end

data/lib/osso/db/migrate/20200723153750_add_missing_timestamps.rb

@@ -0,0 +1,35 @@
+class AddMissingTimestamps < ActiveRecord::Migration[6.0]
+  def change
+    add_column :enterprise_accounts, :created_at, :timestamp
+    add_column :enterprise_accounts, :updated_at, :timestamp
+    update "UPDATE enterprise_accounts SET created_at = NOW(), updated_at = NOW()"    
+    change_column_null :enterprise_accounts, :created_at, false
+    change_column_null :enterprise_accounts, :updated_at, false
+
+
+    add_column :identity_providers, :created_at, :timestamp
+    add_column :identity_providers, :updated_at, :timestamp
+    update "UPDATE enterprise_accounts SET created_at = NOW(), updated_at = NOW()"    
+    change_column_null :enterprise_accounts, :created_at, false
+    change_column_null :enterprise_accounts, :updated_at, false
+
+    add_column :oauth_clients, :created_at, :timestamp
+    add_column :oauth_clients, :updated_at, :timestamp
+    update "UPDATE oauth_clients SET created_at = NOW(), updated_at = NOW()"    
+    change_column_null :oauth_clients, :created_at, false
+    change_column_null :oauth_clients, :updated_at, false
+
+    add_column :redirect_uris, :created_at, :timestamp
+    add_column :redirect_uris, :updated_at, :timestamp
+    update "UPDATE redirect_uris SET created_at = NOW(), updated_at = NOW()"    
+    change_column_null :redirect_uris, :created_at, false
+    change_column_null :redirect_uris, :updated_at, false
+
+    add_column :users, :created_at, :timestamp
+    add_column :users, :updated_at, :timestamp
+    update "UPDATE users SET created_at = NOW(), updated_at = NOW()"    
+    change_column_null :users, :created_at, false
+    change_column_null :users, :updated_at, false
+
+  end
+end

data/lib/osso/db/migrate/20200723162228_drop_unneeded_tables.rb

@@ -0,0 +1,9 @@
+class DropUnneededTables < ActiveRecord::Migration[6.0]
+  def change
+    drop_table(:oauth_grants, if_exists: true)
+    drop_table(:oauth_access_tokens, if_exists: true)
+    drop_table(:oauth_applications, if_exists: true)
+
+
+  end
+end

data/lib/osso/graphql/mutation.rb

@@ -6,10 +6,12 @@ module Osso
   module GraphQL
     module Types
       class MutationType < BaseObject
-        field :configure_identity_provider, mutation: Mutations::ConfigureIdentityProvider
+        field :configure_identity_provider, mutation: Mutations::ConfigureIdentityProvider, null: true
         field :create_identity_provider, mutation: Mutations::CreateIdentityProvider
         field :create_enterprise_account, mutation: Mutations::CreateEnterpriseAccount
-        field :set_identity_provider, mutation: Mutations::SetSamlProvider
+        field :create_oauth_client, mutation: Mutations::CreateOauthClient
+        field :delete_enterprise_account, mutation: Mutations::DeleteEnterpriseAccount
+        field :delete_oauth_client, mutation: Mutations::DeleteOauthClient
       end
     end
   end

data/lib/osso/graphql/mutations.rb

@@ -9,4 +9,6 @@ require_relative 'mutations/base_mutation'
 require_relative 'mutations/configure_identity_provider'
 require_relative 'mutations/create_identity_provider'
 require_relative 'mutations/create_enterprise_account'
-require_relative 'mutations/set_identity_provider'
+require_relative 'mutations/create_oauth_client'
+require_relative 'mutations/delete_enterprise_account'
+require_relative 'mutations/delete_oauth_client'

data/lib/osso/graphql/mutations/base_mutation.rb

@@ -15,10 +15,10 @@ module Osso
           error.merge(data: nil)
         end
 
-        def ready?(enterprise_account_id: nil, domain: nil, **args)
+        def ready?(enterprise_account_id: nil, domain: nil, identity_provider_id: nil, **args)
           return true if context[:scope] == :admin
 
-          domain ||= account_domain(enterprise_account_id)
+          domain ||= account_domain(enterprise_account_id) || provider_domain(identity_provider_id)
           return true if domain == context[:scope]
 
           raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{args[:domain]}"
@@ -29,6 +29,12 @@ module Osso
 
           Osso::Models::EnterpriseAccount.find(id)&.domain
         end
+
+        def provider_domain(id)
+          return false unless id
+
+          Osso::Models::IdentityProvider.find(id)&.domain
+        end
       end
     end
   end

data/lib/osso/graphql/mutations/configure_identity_provider.rb

@@ -16,11 +16,20 @@ module Osso
         def resolve(id:, **args)
           provider = Osso::Models::IdentityProvider.find(id)
 
-          return unauthorized unless authorized?
           return response_data(identity_provider: provider) if provider.update(args)
 
           response_error(errors: provder.errors.messages)
         end
+
+        def ready?(id:, **_args)
+          return true if context[:scope] == :admin
+
+          domain = Osso::Models::IdentityProvider.find(id)&.domain
+
+          return true if domain == context[:scope]
+
+          raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{domain}"
+        end
       end
     end
   end

data/lib/osso/graphql/mutations/create_oauth_client.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Mutations
+      class CreateOauthClient < BaseMutation
+        null false
+
+        argument :name, String, required: true
+
+        field :oauth_client, Types::OauthClient, null: false
+        field :errors, [String], null: false
+
+        def resolve(**args)
+          oauth_client = Osso::Models::OauthClient.new(args)
+
+          return response_data(oauth_client: oauth_client) if oauth_client.save
+
+          response_error(errors: oauth_client.errors.full_messages)
+        end
+
+        def ready?(*)
+          return true if context[:scope] == :admin
+
+          raise ::GraphQL::ExecutionError, 'Only admin users may mutate OauthClients'
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/mutations/delete_enterprise_account.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Mutations
+      class DeleteEnterpriseAccount < BaseMutation
+        null false
+
+        argument :id, ID, required: true
+
+        field :enterprise_account, Types::EnterpriseAccount, null: true
+        field :errors, [String], null: false
+
+        def resolve(id:)
+          enterprise_account = Osso::Models::EnterpriseAccount.find(id)
+
+          return response_data(enterprise_account: nil) if enterprise_account.destroy
+
+          response_error(errors: enterprise_account.errors.full_messages)
+        end
+
+        def ready?(id:)
+          return true if context[:scope] == :admin
+
+          domain = account_domain(id)
+
+          return true if domain == context[:scope]
+
+          raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{domain}"
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/mutations/delete_oauth_client.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Mutations
+      class DeleteOauthClient < BaseMutation
+        null false
+
+        argument :id, ID, required: true
+
+        field :oauth_client, Types::OauthClient, null: true
+        field :errors, [String], null: false
+
+        def resolve(id:)
+          oauth_client = Osso::Models::OauthClient.find(id)
+
+          return response_data(oauth_client: nil) if oauth_client.destroy
+
+          response_error(errors: oauth_client.errors.full_messages)
+        end
+
+        def ready?(*)
+          return true if context[:scope] == :admin
+
+          raise ::GraphQL::ExecutionError, 'Only admin users may mutate OauthClients'
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/query.rb

@@ -4,7 +4,10 @@ module Osso
   module GraphQL
     module Types
       class QueryType < ::GraphQL::Schema::Object
-        field :enterprise_accounts, null: true, resolver: Resolvers::EnterpriseAccounts
+        field :enterprise_accounts, null: true, resolver: Resolvers::EnterpriseAccounts do
+          argument :sort_column, String, required: false
+          argument :sort_order, String, required: false
+        end
         field :oauth_clients, null: true, resolver: Resolvers::OAuthClients
 
         field :enterprise_account, null: true, resolver: Resolvers::EnterpriseAccount do

data/lib/osso/graphql/resolvers/enterprise_accounts.rb

@@ -4,12 +4,20 @@ module Osso
   module GraphQL
     module Resolvers
       class EnterpriseAccounts < ::GraphQL::Schema::Resolver
-        type [Types::EnterpriseAccount], null: true
+        type Types::EnterpriseAccount.connection_type, null: true
 
-        def resolve
-          return Osso::Models::EnterpriseAccount.all if context[:scope] == :admin
+        def resolve(sort_column: nil, sort_order: nil)
+          return Array(Osso::Models::EnterpriseAccount.find_by(domain: context[:scope])) if context[:scope] != :admin
 
-          Array(Osso::Models::EnterpriseAccount.find_by(domain: context[:scope]))
+          accounts = Osso::Models::EnterpriseAccount
+
+          accounts = accounts.order(sort_column => sort_order_sym(sort_order)) if sort_column && sort_order
+
+          accounts.all
+        end
+
+        def sort_order_sym(order_string)
+          order_string == 'ascend' ? :asc : :desc
         end
       end
     end

data/lib/osso/graphql/resolvers/oauth_clients.rb

@@ -4,7 +4,7 @@ module Osso
   module GraphQL
     module Resolvers
       class OAuthClients < ::GraphQL::Schema::Resolver
-        type [Types::OAuthClient], null: true
+        type [Types::OauthClient], null: true
 
         def resolve
           return Osso::Models::OauthClient.all if context[:scope] == :admin