osso 0.0.3.6 → 0.0.3.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f2d208f60074e354a988dd4f6d1e07409a8c5b9809371f2ab86e952c1cf52cb2
-  data.tar.gz: a113355db7bb066f7f87fea0bf8313bc7f60d628380abb8f334fc5de8e7e2d29
+  metadata.gz: 5e43fcdb190c819ff0da0cb9ac9358152f42804f7fa116771d9dd458bf141c30
+  data.tar.gz: 65f6005798ec50a1ad4dd297c695aa08c80fb2ba8cc059eaa38cfb5f15a13dcc
 SHA512:
-  metadata.gz: fec8ba8811aa056a367f975f206309cf74148a2bb551f8b37073a5c084a8fdeb86433dcd55862e24fe1199ba0b9ac8f3d166fce74ab7ea61ac5faa0690426baf
-  data.tar.gz: 20f63616bfc1619d503357be6cbabc114bd9a9402fdd7cdf3e0caa5415fb19dd4cf22a56dcdc6aa83c0b323cd77f4da529659e1455e3c277f4d4180d97e290d5
+  metadata.gz: 617a3e1e5a5b476c4758476f7708e12a752d8d448a46866e37352ee319dcd5c08f2d0726d81c4ec1054e5129073840d6d76aad24ef938a1ccaf475bd72cc6d7b
+  data.tar.gz: 77f11455be71add868a54d61683be3dc9a09231a92fdbf1abbb05c685732c6469eaeb9acbbd765ff0ff894960224bdcb736525687b234c002a46a1e4d0b2dba6

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    osso (0.0.3.6)
+    osso (0.0.3.7)
       activesupport (>= 6.0.3.2)
       graphql
       jwt

data/lib/osso/graphql/mutation.rb

@@ -6,7 +6,7 @@ module Osso
   module GraphQL
     module Types
       class MutationType < BaseObject
-        field :configure_identity_provider, mutation: Mutations::ConfigureIdentityProvider
+        field :configure_identity_provider, mutation: Mutations::ConfigureIdentityProvider, null: true
         field :create_identity_provider, mutation: Mutations::CreateIdentityProvider
         field :create_enterprise_account, mutation: Mutations::CreateEnterpriseAccount
         field :set_identity_provider, mutation: Mutations::SetSamlProvider

data/lib/osso/graphql/mutations/base_mutation.rb

@@ -15,10 +15,10 @@ module Osso
           error.merge(data: nil)
         end
 
-        def ready?(enterprise_account_id: nil, domain: nil, **args)
+        def ready?(enterprise_account_id: nil, domain: nil, identity_provider_id: nil, **args)
           return true if context[:scope] == :admin
 
-          domain ||= account_domain(enterprise_account_id)
+          domain ||= account_domain(enterprise_account_id) || provider_domain(identity_provider_id)
           return true if domain == context[:scope]
 
           raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{args[:domain]}"
@@ -29,6 +29,12 @@ module Osso
 
           Osso::Models::EnterpriseAccount.find(id)&.domain
         end
+
+        def provider_domain(id)
+          return false unless id
+
+          Osso::Models::IdentityProvider.find(id)&.domain
+        end
       end
     end
   end

data/lib/osso/graphql/mutations/configure_identity_provider.rb

@@ -16,11 +16,20 @@ module Osso
         def resolve(id:, **args)
           provider = Osso::Models::IdentityProvider.find(id)
 
-          return unauthorized unless authorized?
           return response_data(identity_provider: provider) if provider.update(args)
 
           response_error(errors: provder.errors.messages)
         end
+
+        def ready?(id:, **args)
+          return true if context[:scope] == :admin
+
+          domain = Osso::Models::IdentityProvider.find(id)&.domain
+
+          return true if domain == context[:scope]
+
+          raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{domain}"
+        end
       end
     end
   end

data/lib/osso/graphql/schema.rb

@@ -37,6 +37,10 @@ module Osso
           raise("Unexpected object: #{obj}")
         end
       end
+
+      def self.unauthorized_object(error)
+        raise ::GraphQL::ExecutionError, "An object of type #{error.type.graphql_name} was hidden due to permissions"
+      end
     end
   end
 end

data/lib/osso/graphql/types/enterprise_account.rb

@@ -23,6 +23,10 @@ module Osso
         def identity_providers
           object.identity_providers
         end
+
+        def self.authorized?(object, context)
+          super && (context[:scope] == :admin || object.domain == context[:scope])
+        end
       end
     end
   end

data/lib/osso/graphql/types/identity_provider.rb

@@ -18,10 +18,19 @@ module Osso
         field :sso_url, String, null: true
         field :sso_cert, String, null: true
         field :configured, Boolean, null: false
+        field :documentation_pdf_url, String, null: true
 
         def configured
           !!(@object.sso_url && @object.sso_cert)
         end
+
+        def documentation_pdf_url
+          ENV['BASE_URL'] + '/identity_provider/documentation/' + @object.id
+        end
+
+        def self.authorized?(object, context)
+          super && (context[:scope] == :admin || object.domain == context[:scope])
+        end
       end
     end
   end

data/lib/osso/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Osso
-  VERSION = '0.0.3.6'
+  VERSION = '0.0.3.7'
 end

data/spec/graphql/mutations/configure_identity_provider_spec.rb

@@ -55,11 +55,21 @@ describe Osso::GraphQL::Schema do
       let(:domain) { Faker::Internet.domain_name }
       let(:current_scope) { domain }
       let(:enterprise_account) { create(:enterprise_account, domain: domain) }
+      let(:identity_provider) { create(:identity_provider, enterprise_account: enterprise_account, domain: domain) }
 
-      it 'creates an identity provider' do
+      it 'configures an identity provider' do
         expect(subject.dig('data', 'configureIdentityProvider', 'identityProvider', 'domain')).
           to eq(domain)
       end
     end
+
+    describe 'for the wrong email scoped user' do
+      let(:domain) { Faker::Internet.domain_name }
+      let(:current_scope) { domain }
+
+      it 'does not configure an identity provider' do
+        expect(subject.dig('errors')).to_not be_empty
+      end
+    end
   end
 end

data/spec/graphql/query/identity_provider_spec.rb

@@ -5,6 +5,7 @@ require 'spec_helper'
 describe Osso::GraphQL::Schema do
   describe 'Identity Provider' do
     let(:id) { Faker::Internet.uuid }
+    let(:domain) { Faker::Internet.domain_name }
     let(:variables) { { id: id } }
     let(:query) do
       <<~GRAPHQL
@@ -24,7 +25,7 @@ describe Osso::GraphQL::Schema do
 
     before do
       create(:identity_provider)
-      create(:identity_provider, id: id)
+      create(:identity_provider, id: id, domain: domain)
     end
 
     subject do
@@ -43,18 +44,20 @@ describe Osso::GraphQL::Schema do
       end
     end
 
-    xdescribe 'for an email scoped user' do
+    describe 'for an email scoped user' do
       let(:current_scope) { domain }
+
       it 'returns Enterprise Account for domain' do
         expect(subject['errors']).to be_nil
-        expect(subject.dig('data', 'enterpriseAccount', 'domain')).to eq(domain)
+        expect(subject.dig('data', 'identityProvider', 'domain')).to eq(domain)
       end
     end
 
-    xdescribe 'for the wrong email scoped user' do
+    describe 'for the wrong email scoped user' do
       let(:current_scope) { 'bar.com' }
+      
       it 'returns Enterprise Account for domain' do
-        expect(subject['errors']).to be_nil
+        expect(subject['errors']).to_not be_empty
         expect(subject.dig('data', 'enterpriseAccount')).to be_nil
       end
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: osso
 version: !ruby/object:Gem::Version
-  version: 0.0.3.6
+  version: 0.0.3.7
 platform: ruby
 authors:
 - Sam Bauch
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-07-16 00:00:00.000000000 Z
+date: 2020-07-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport