osso 0.0.3.7 → 0.0.3.12

data/lib/osso/models/redirect_uri.rb

@@ -18,3 +18,20 @@ module Osso
     end
   end
 end
+
+# == Schema Information
+#
+# Table name: redirect_uris
+#
+#  id              :uuid             not null, primary key
+#  uri             :string           not null
+#  primary         :boolean          default(FALSE), not null
+#  oauth_client_id :uuid
+#  created_at      :datetime         not null
+#  updated_at      :datetime         not null
+#
+# Indexes
+#
+#  index_redirect_uris_on_oauth_client_id  (oauth_client_id)
+#  index_redirect_uris_on_uri_and_primary  (uri,primary) UNIQUE
+#

data/lib/osso/models/user.rb

@@ -22,3 +22,25 @@ module Osso
     end
   end
 end
+
+# == Schema Information
+#
+# Table name: users
+#
+#  id                    :uuid             not null, primary key
+#  email                 :string           not null
+#  idp_id                :string           not null
+#  identity_provider_id  :uuid
+#  enterprise_account_id :uuid
+#  created_at            :datetime         not null
+#  updated_at            :datetime         not null
+#
+# Indexes
+#
+#  index_users_on_email_and_idp_id       (email,idp_id) UNIQUE
+#  index_users_on_enterprise_account_id  (enterprise_account_id)
+#
+# Foreign Keys
+#
+#  fk_rails_...  (identity_provider_id => identity_providers.id)
+#

data/lib/osso/routes/admin.rb

@@ -36,6 +36,12 @@ module Osso
 
         erb :admin
       end
+
+      get '/config/:id' do
+        admin_protected!
+
+        erb :admin
+      end
     end
   end
 end

data/lib/osso/routes/auth.rb

@@ -23,7 +23,7 @@ module Osso
         self,
         provider_name: 'saml',
         identity_provider_id_regex: UUID_REGEXP,
-        path_prefix: '/saml',
+        path_prefix: '/auth/saml',
         callback_suffix: 'callback',
       ) do |identity_provider_id, _env|
         provider = Models::IdentityProvider.find(identity_provider_id)

data/lib/osso/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Osso
-  VERSION = '0.0.3.7'
+  VERSION = '0.0.3.12'
 end

data/osso-rb.gemspec

@@ -28,6 +28,7 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency 'sinatra-activerecord'
   spec.add_runtime_dependency 'sinatra-contrib'
 
+  spec.add_development_dependency 'annotate', '~> 3.1'
   spec.add_development_dependency 'bundler', '~> 2.1'
   spec.add_development_dependency 'pry'
 

data/spec/factories/identity_providers.rb

@@ -47,3 +47,25 @@ FactoryBot.define do
     end
   end
 end
+
+# == Schema Information
+#
+# Table name: identity_providers
+#
+#  id                    :uuid             not null, primary key
+#  service               :string
+#  domain                :string           not null
+#  sso_url               :string
+#  sso_cert              :text
+#  enterprise_account_id :uuid
+#  oauth_client_id       :uuid
+#  status                :enum             default("PENDING")
+#  created_at            :datetime
+#  updated_at            :datetime
+#
+# Indexes
+#
+#  index_identity_providers_on_domain                 (domain)
+#  index_identity_providers_on_enterprise_account_id  (enterprise_account_id)
+#  index_identity_providers_on_oauth_client_id        (oauth_client_id)
+#

data/spec/graphql/mutations/configure_identity_provider_spec.rb

@@ -23,7 +23,7 @@ describe Osso::GraphQL::Schema do
             identityProvider {
               id
               domain
-              configured
+              status
               enterpriseAccountId
               service
               acsUrl
@@ -46,8 +46,8 @@ describe Osso::GraphQL::Schema do
     describe 'for an admin user' do
       let(:current_scope) { :admin }
       it 'configures an identity provider' do
-        expect(subject.dig('data', 'configureIdentityProvider', 'identityProvider', 'configured')).
-          to be true
+        expect(subject.dig('data', 'configureIdentityProvider', 'identityProvider', 'status')).
+          to eq('Configured')
       end
     end
 

data/spec/graphql/mutations/create_oauth_client_spec.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Osso::GraphQL::Schema do
+  describe 'CreateOauthClient' do
+    let(:variables) do
+      {
+        input: {
+          name: Faker::Company.name,
+        },
+      }
+    end
+
+    let(:mutation) do
+      <<~GRAPHQL
+         mutation CreateOauthClient($input: CreateOauthClientInput!) {
+          createOauthClient(input: $input) {
+            oauthClient {
+              id
+              name
+              clientId
+              clientSecret
+            }
+          }
+        }
+      GRAPHQL
+    end
+
+    subject do
+      described_class.execute(
+        mutation,
+        variables: variables,
+        context: { scope: current_scope },
+      )
+    end
+
+    describe 'for an admin user' do
+      let(:current_scope) { :admin }
+      it 'creates an OauthClient' do
+        expect { subject }.to change { Osso::Models::OauthClient.count }.by(1)
+        expect(subject.dig('data', 'createOauthClient', 'oauthClient', 'clientId')).
+          to_not be_nil
+      end
+    end
+
+    describe 'for an email scoped user' do
+      let(:current_scope) { 'foo.com' }
+
+      it 'does not create an OauthClient Account' do
+        expect { subject }.to_not(change { Osso::Models::OauthClient.count })
+      end
+    end
+  end
+end

data/spec/graphql/mutations/delete_enterprise_account_spec.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Osso::GraphQL::Schema do
+  describe 'DeleteEnterpriseAccount' do
+    let(:domain) { Faker::Internet.domain_name }
+    let!(:enterprise_account) { create(:enterprise_account, domain: domain) }
+    let(:variables) do
+      {
+        input: {
+          id: enterprise_account.id,
+        },
+      }
+    end
+
+    let(:mutation) do
+      <<~GRAPHQL
+         mutation DeleteEnterpriseAccount($input: DeleteEnterpriseAccountInput!) {
+          deleteEnterpriseAccount(input: $input) {
+            enterpriseAccount {
+              id
+            }
+          }
+        }
+      GRAPHQL
+    end
+
+    subject do
+      described_class.execute(
+        mutation,
+        variables: variables,
+        context: { scope: current_scope },
+      )
+    end
+
+    describe 'for an admin user' do
+      let(:current_scope) { :admin }
+      it 'deletes an Enterprise Account' do
+        expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(-1)
+        expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount')).
+          to be_nil
+      end
+    end
+
+    describe 'for an email scoped user' do
+      let(:current_scope) { domain }
+
+      it 'deletes the Enterprise Account' do
+        expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(-1)
+        expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount')).
+          to be_nil
+      end
+    end
+    describe 'for the wrong email scoped user' do
+      let(:current_scope) { 'foo.com' }
+
+      it 'does not delete the Enterprise Account' do
+        expect { subject }.to_not(change { Osso::Models::EnterpriseAccount.count })
+      end
+    end
+  end
+end

data/spec/graphql/mutations/delete_oauth_client_spec.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Osso::GraphQL::Schema do
+  describe 'DeleteOauthClient' do
+    let!(:oauth_client) { create(:oauth_client) }
+    let(:variables) do
+      {
+        input: {
+          id: oauth_client.id,
+        },
+      }
+    end
+
+    let(:mutation) do
+      <<~GRAPHQL
+         mutation DeleteOauthClient($input: DeleteOauthClientInput!) {
+          deleteOauthClient(input: $input) {
+            oauthClient {
+              id
+            }
+          }
+        }
+      GRAPHQL
+    end
+
+    subject do
+      described_class.execute(
+        mutation,
+        variables: variables,
+        context: { scope: current_scope },
+      )
+    end
+
+    describe 'for an admin user' do
+      let(:current_scope) { :admin }
+      it 'deletes the OauthClient' do
+        expect { subject }.to change { Osso::Models::OauthClient.count }.by(-1)
+      end
+    end
+
+    describe 'for an email scoped user' do
+      let(:current_scope) { 'foo.com' }
+
+      it 'does not create an OauthClient Account' do
+        expect { subject }.to_not(change { Osso::Models::OauthClient.count })
+      end
+    end
+  end
+end

data/spec/graphql/query/enterprise_account_spec.rb

@@ -19,7 +19,7 @@ describe Osso::GraphQL::Schema do
                 acsUrl
                 ssoCert
                 ssoUrl
-                configured
+                status
               }
               name
               status

data/spec/graphql/query/enterprise_accounts_spec.rb

@@ -7,37 +7,51 @@ describe Osso::GraphQL::Schema do
     describe 'for an admin user' do
       let(:current_scope) { :admin }
 
-      it 'returns Enterprise Accounts' do
-        create_list(:enterprise_account, 2)
+      it 'returns paginated Enterprise Accounts' do
+        %w[A B C].map do |name|
+          create(:enterprise_account, name: name)
+        end
 
         query = <<~GRAPHQL
-          query EnterpriseAccounts {
-            enterpriseAccounts {
-              domain
-              id
-              identityProviders {
-                id
-                service
-                domain
-                acsUrl
-                ssoCert
-                ssoUrl
-                configured
+          query EnterpriseAccounts($first: Int, $sortColumn: String, $sortOrder: String) {
+            enterpriseAccounts(first: $first, sortColumn: $sortColumn, sortOrder: $sortOrder) {
+              pageInfo {
+                hasNextPage
+                endCursor
+              }
+              totalCount
+              edges {
+                node {
+                  domain
+                  id
+                  identityProviders {
+                    id
+                    service
+                    domain
+                    acsUrl
+                    ssoCert
+                    ssoUrl
+                    status
+                  }
+                  name
+                  status
+                }
               }
-              name
-              status
             }
           }
         GRAPHQL
 
         response = described_class.execute(
           query,
-          variables: nil,
+          variables: { first: 2, sortOrder: 'descending', sortColumn: 'name' },
           context: { scope: current_scope },
         )
 
         expect(response['errors']).to be_nil
-        expect(response.dig('data', 'enterpriseAccounts').count).to eq(2)
+        expect(response.dig('data', 'enterpriseAccounts', 'edges').count).to eq(2)
+        expect(response.dig('data', 'enterpriseAccounts', 'edges', 0, 'node', 'name')).to eq('C')
+        expect(response.dig('data', 'enterpriseAccounts', 'totalCount')).to eq(3)
+        expect(response.dig('data', 'enterpriseAccounts', 'pageInfo', 'hasNextPage')).to eq(true)
       end
     end
   end

data/spec/graphql/query/identity_provider_spec.rb

@@ -17,7 +17,7 @@ describe Osso::GraphQL::Schema do
             acsUrl
             ssoCert
             ssoUrl
-            configured
+            status
           }
         }
       GRAPHQL
@@ -55,7 +55,7 @@ describe Osso::GraphQL::Schema do
 
     describe 'for the wrong email scoped user' do
       let(:current_scope) { 'bar.com' }
-      
+
       it 'returns Enterprise Account for domain' do
         expect(subject['errors']).to_not be_empty
         expect(subject.dig('data', 'enterpriseAccount')).to be_nil

data/spec/graphql/query/{oauth_clients_account_spec.rb → oauth_clients_spec.rb}

@@ -10,6 +10,8 @@ describe Osso::GraphQL::Schema do
           oauthClients {
             name
             id
+            clientSecret
+            clientId
           }
         }
       GRAPHQL

data/spec/routes/auth_spec.rb

@@ -3,6 +3,31 @@
 require 'spec_helper'
 
 describe Osso::Auth do
+  describe 'get /auth/saml/:uuid' do
+    describe 'for an Okta SAML provider' do
+      let(:enterprise) { create(:enterprise_with_okta) }
+      let(:okta_provider) { enterprise.identity_providers.first }
+      it 'uses omniauth saml' do
+        get("/auth/saml/#{okta_provider.id}")
+
+        expect(last_response).to be_redirect
+        follow_redirect!
+        expect(last_request.url).to match("auth/saml/#{okta_provider.id}")
+      end
+    end
+
+    describe 'for an Azure SAML provider' do
+      let(:enterprise) { create(:enterprise_with_okta) }
+      let(:azure_provider) { enterprise.identity_providers.first }
+      it 'uses omniauth saml' do
+        get("/auth/saml/#{azure_provider.id}")
+
+        expect(last_response).to be_redirect
+        follow_redirect!
+        expect(last_request.url).to match("auth/saml/#{azure_provider.id}")
+      end
+    end
+  end
   describe 'post /auth/saml/:uuid/callback' do
     describe 'for an Okta SAML provider' do
       let(:enterprise) { create(:enterprise_with_okta) }