osso 0.0.3.7

data/LICENSE

@@ -0,0 +1,111 @@
+Business Source License 1.1
+
+Parameters
+
+Licensor:             Samuel Bauch
+Licensed Work:        osso-rb
+                      The Licensed Work is (c) 2020 Samuel Bauch.
+Additional Use Grant: You may make use of the Licensed Work, provided that you do
+                      not use the Licensed Work in a Single Sign On Management
+                      Service.
+
+                      A "Single Sign On Management Service" is an offering
+                      (be it free or commercial) that uses the Licensed Work
+                      to allow third parties (other than your employees and 
+                      contractors) to access the functionality of the 
+                      Licensed Work such that any fourth parties directly 
+                      benefit from the authentication, configuration, or 
+                      documentation features of the Licensed Work.
+
+                      You thus may only use the Licensed Work in a manner 
+                      whereby parties who directly benefit from the 
+                      authentication, configuration, or documentation features 
+                      of the Licensed Work are yourself, your employees or 
+                      contractors, and your customers or partners.
+
+Change Date:          2023-05-01
+
+Change License:       Apache License, Version 2.0
+
+For information about alternative licensing arrangements for the Software,
+contact: hello@enterprise-oss.dev
+
+Notice
+
+The Business Source License (this document, or the "License") is not an Open
+Source license. However, the Licensed Work will eventually be made available
+under an Open Source License, as stated in this License.
+
+License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
+"Business Source License" is a trademark of MariaDB Corporation Ab.
+
+-----------------------------------------------------------------------------
+
+Business Source License 1.1
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative
+works, redistribute, and make non-production use of the Licensed Work. The
+Licensor may make an Additional Use Grant, above, permitting limited
+production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly
+available distribution of a specific version of the Licensed Work under this
+License, whichever comes first, the Licensor hereby grants you rights under
+the terms of the Change License, and the rights granted in the paragraph
+above terminate.
+
+If your use of the Licensed Work does not comply with the requirements
+currently in effect as described in this License, you must purchase a
+commercial license from the Licensor, its affiliated entities, or authorized
+resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works
+of the Licensed Work, are subject to this License. This License applies
+separately for each version of the Licensed Work and the Change Date may vary
+for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy
+of the Licensed Work. If you receive the Licensed Work in original or
+modified form from a third party, the terms and conditions set forth in this
+License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically
+terminate your rights under this License for the current and all other
+versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of
+Licensor or its affiliates (provided that you may use a trademark or logo of
+Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
+AN "AS IS" BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
+EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
+TITLE.
+
+MariaDB hereby grants you permission to use this License’s text to license
+your works, and to refer to it using the trademark "Business Source License",
+as long as you comply with the Covenants of Licensor below.
+
+Covenants of Licensor
+
+In consideration of the right to use this License’s text and the "Business
+Source License" name and trademark, Licensor covenants to MariaDB, and to all
+other recipients of the licensed work to be provided by Licensor:
+
+1. To specify as the Change License the GPL Version 2.0 or any later version,
+   or a license that is compatible with GPL Version 2.0 or a later version,
+   where "compatible" means that software provided under the Change License can
+   be included in a program with software provided under GPL Version 2.0 or a
+   later version. Licensor may specify additional Change Licenses without
+   limitation.
+
+2. To either: (a) specify an additional grant of rights to use that does not
+   impose any additional restriction on the right granted in this License, as
+   the Additional Use Grant; or (b) insert the text "None".
+
+3. To specify a Change Date.
+
+4. Not to modify this License in any other way.

data/README.md

@@ -0,0 +1,2 @@
+[![Maintainability](https://api.codeclimate.com/v1/badges/2b04828dc45bcb5abcb1/maintainability)](https://codeclimate.com/github/enterprise-oss/osso-rb/maintainability)
+[![Build status](https://badge.buildkite.com/0e01845bdd51be4131b9cbd496d9caa39cd48f171fc2d9a9ca.svg)](https://buildkite.com/enterpriseoss/osso-rb)

data/Rakefile

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+# This Rakefile is used in gem development in order
+# to tell ActiveRecord where to find the database
+# schema and migrations
+
+require 'bundler/gem_tasks'
+require 'sinatra/activerecord/rake'
+require './lib/osso'
+
+ActiveRecord::Migrator.migrations_paths = ['./lib/osso/db/migrate']
+Dir.glob('lib/tasks/*.rake').each { |r| load r }
+
+task default: :spec

data/bin/console

@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'osso'
+
+require 'irb'
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/config/database.yml

@@ -0,0 +1,14 @@
+development:
+  adapter: postgresql
+  encoding: unicode
+  pool: 5
+  database: ossorb-development
+  host: ''
+  port: 5432
+test:
+  adapter: postgresql
+  encoding: unicode
+  pool: 5
+  database: ossorb-test
+  host: ''
+  port: 5432

data/db/schema.rb

@@ -0,0 +1,133 @@
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# This file is the source Rails uses to define your schema when running `rails
+# db:schema:load`. When creating a new database, `rails db:schema:load` tends to
+# be faster and is potentially less error prone than running all of your
+# migrations from scratch. Old migrations may fail to apply correctly if those
+# migrations use external dependencies or application code.
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema.define(version: 2020_07_15_205801) do
+
+  # These are extensions that must be enabled in order to support this database
+  enable_extension "pgcrypto"
+  enable_extension "plpgsql"
+
+  create_table "access_tokens", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.string "token"
+    t.datetime "expires_at"
+    t.datetime "created_at", precision: 6, null: false
+    t.datetime "updated_at", precision: 6, null: false
+    t.uuid "user_id"
+    t.uuid "oauth_client_id"
+    t.index ["oauth_client_id"], name: "index_access_tokens_on_oauth_client_id"
+    t.index ["user_id"], name: "index_access_tokens_on_user_id"
+  end
+
+  create_table "authorization_codes", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.string "token"
+    t.string "redirect_uri"
+    t.datetime "expires_at"
+    t.datetime "created_at", precision: 6, null: false
+    t.datetime "updated_at", precision: 6, null: false
+    t.uuid "user_id"
+    t.uuid "oauth_client_id"
+    t.index ["oauth_client_id"], name: "index_authorization_codes_on_oauth_client_id"
+    t.index ["token"], name: "index_authorization_codes_on_token", unique: true
+    t.index ["user_id"], name: "index_authorization_codes_on_user_id"
+  end
+
+  create_table "enterprise_accounts", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.string "domain", null: false
+    t.uuid "external_uuid"
+    t.integer "external_int_id"
+    t.string "external_id"
+    t.uuid "oauth_client_id"
+    t.string "name", null: false
+    t.index ["domain"], name: "index_enterprise_accounts_on_domain", unique: true
+    t.index ["oauth_client_id"], name: "index_enterprise_accounts_on_oauth_client_id"
+  end
+
+  create_table "identity_providers", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.string "service"
+    t.string "domain", null: false
+    t.string "sso_url"
+    t.text "sso_cert"
+    t.uuid "enterprise_account_id"
+    t.uuid "oauth_client_id"
+    t.index ["domain"], name: "index_identity_providers_on_domain"
+    t.index ["enterprise_account_id"], name: "index_identity_providers_on_enterprise_account_id"
+    t.index ["oauth_client_id"], name: "index_identity_providers_on_oauth_client_id"
+  end
+
+  create_table "oauth_access_grants", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.uuid "resource_owner_id", null: false
+    t.uuid "application_id", null: false
+    t.string "token", null: false
+    t.integer "expires_in", null: false
+    t.text "redirect_uri", null: false
+    t.datetime "created_at", null: false
+    t.datetime "revoked_at"
+    t.string "scopes", default: "", null: false
+    t.index ["application_id"], name: "index_oauth_access_grants_on_application_id"
+    t.index ["token"], name: "index_oauth_access_grants_on_token", unique: true
+  end
+
+  create_table "oauth_access_tokens", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.uuid "resource_owner_id"
+    t.uuid "application_id"
+    t.string "token", null: false
+    t.string "refresh_token"
+    t.integer "expires_in"
+    t.datetime "revoked_at"
+    t.datetime "created_at", null: false
+    t.string "scopes"
+    t.string "previous_refresh_token", default: "", null: false
+    t.index ["application_id"], name: "index_oauth_access_tokens_on_application_id"
+    t.index ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true
+    t.index ["token"], name: "index_oauth_access_tokens_on_token", unique: true
+  end
+
+  create_table "oauth_applications", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.string "name", null: false
+    t.string "secret", null: false
+    t.text "redirect_uri", null: false
+    t.string "scopes", default: "", null: false
+    t.boolean "confidential", default: true, null: false
+    t.datetime "created_at", precision: 6, null: false
+    t.datetime "updated_at", precision: 6, null: false
+  end
+
+  create_table "oauth_clients", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.string "name", null: false
+    t.string "secret", null: false
+    t.string "identifier", null: false
+    t.index ["identifier"], name: "index_oauth_clients_on_identifier", unique: true
+  end
+
+  create_table "redirect_uris", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.string "uri", null: false
+    t.boolean "primary", default: false, null: false
+    t.uuid "oauth_client_id"
+    t.index ["oauth_client_id"], name: "index_redirect_uris_on_oauth_client_id"
+    t.index ["uri", "primary"], name: "index_redirect_uris_on_uri_and_primary", unique: true
+  end
+
+  create_table "users", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.string "email", null: false
+    t.string "idp_id", null: false
+    t.uuid "identity_provider_id"
+    t.uuid "enterprise_account_id"
+    t.index ["email", "idp_id"], name: "index_users_on_email_and_idp_id", unique: true
+    t.index ["enterprise_account_id"], name: "index_users_on_enterprise_account_id"
+  end
+
+  add_foreign_key "oauth_access_grants", "oauth_applications", column: "application_id"
+  add_foreign_key "oauth_access_grants", "users", column: "resource_owner_id"
+  add_foreign_key "oauth_access_tokens", "oauth_applications", column: "application_id"
+  add_foreign_key "oauth_access_tokens", "users", column: "resource_owner_id"
+  add_foreign_key "users", "identity_providers"
+end

data/lib/osso.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Osso
+  require_relative 'osso/helpers/helpers'
+  require_relative 'osso/lib/app_config'
+  require_relative 'osso/lib/oauth2_token'
+  require_relative 'osso/lib/route_map'
+  require_relative 'osso/models/models'
+  require_relative 'osso/routes/routes'
+  require_relative 'osso/graphql/schema'
+end

data/lib/osso/Rakefile

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'osso'
+
+path = File.expand_path(__dir__)
+Dir.glob("#{path}/tasks/**/*.rake").each { |f| import f }
+
+namespace :db do
+  task :load_config do
+    osso_migrations = File.expand_path('./db/migrate', __dir__)
+    ActiveRecord::Migrator.migrations_paths << osso_migrations
+  end
+end

data/lib/osso/db/migrate/20190909230109_enable_uuid.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class EnableUuid < ActiveRecord::Migration[6.0]
+  def change
+    enable_extension 'pgcrypto'
+  end
+end

data/lib/osso/db/migrate/20200328135750_create_users.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class CreateUsers < ActiveRecord::Migration[6.0]
+  def change
+    create_table :users, id: :uuid do |t|
+      t.string  :email,  null: false
+      t.string  :idp_id, null: false
+    end
+
+    add_index :users, %i[email idp_id], unique: true
+  end
+end

data/lib/osso/db/migrate/20200328143303_create_oauth_tables.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+class CreateOauthTables < ActiveRecord::Migration[6.0]
+  def change
+    create_table :oauth_applications, id: :uuid do |t|
+      t.string  :name,    null: false
+      t.string  :secret,  null: false
+      t.text    :redirect_uri, null: false
+      t.string  :scopes,       null: false, default: ''
+      t.boolean :confidential, null: false, default: true
+      t.timestamps             null: false
+    end
+
+    create_table :oauth_access_grants, id: :uuid do |t|
+      t.uuid :resource_owner_id, null: false
+      t.references :application, type: :uuid, null: false
+      t.string   :token,             null: false
+      t.integer  :expires_in,        null: false
+      t.text     :redirect_uri,      null: false
+      t.datetime :created_at,        null: false
+      t.datetime :revoked_at
+      t.string   :scopes, null: false, default: ''
+    end
+
+    add_index :oauth_access_grants, :token, unique: true
+    add_foreign_key(
+      :oauth_access_grants,
+      :oauth_applications,
+      column: :application_id
+    )
+
+    create_table :oauth_access_tokens, id: :uuid do |t|
+      t.uuid :resource_owner_id
+      t.references :application, type: :uuid
+      t.string :token, null: false
+
+      t.string   :refresh_token
+      t.integer  :expires_in
+      t.datetime :revoked_at
+      t.datetime :created_at, null: false
+      t.string   :scopes
+
+      t.string   :previous_refresh_token, null: false, default: ''
+    end
+
+    add_index :oauth_access_tokens, :token, unique: true
+    add_index :oauth_access_tokens, :refresh_token, unique: true
+    add_foreign_key(
+      :oauth_access_tokens,
+      :oauth_applications,
+      column: :application_id
+    )
+
+    add_foreign_key :oauth_access_grants, :users, column: :resource_owner_id
+    add_foreign_key :oauth_access_tokens, :users, column: :resource_owner_id
+  end
+end

data/lib/osso/db/migrate/20200328143305_create_identity_providers.rb

@@ -0,0 +1,12 @@
+class CreateIdentityProviders < ActiveRecord::Migration[6.0]
+  def change
+    create_table :identity_providers, id: :uuid do |t|
+      t.string  :service
+      t.string  :domain, null: false
+      t.string :idp_sso_target_url
+      t.text :idp_cert
+    end
+
+    add_index :identity_providers, :domain
+  end
+end

data/lib/osso/db/migrate/20200411184535_add_provider_id_to_users.rb

@@ -0,0 +1,7 @@
+class AddProviderIdToUsers < ActiveRecord::Migration[6.0]
+  def change
+    add_column :users, :identity_provider_id, :uuid
+
+    add_foreign_key :users, :identity_providers
+  end
+end

data/lib/osso/db/migrate/20200411192645_create_enterprise_accounts.rb

@@ -0,0 +1,15 @@
+class CreateEnterpriseAccounts < ActiveRecord::Migration[6.0]
+  def change
+    create_table :enterprise_accounts, id: :uuid do |t|
+      t.string  :domain, null: false
+      t.uuid :external_uuid
+      t.integer :external_int_id
+      t.string :external_id
+    end
+
+    add_index :enterprise_accounts, :domain, unique: true
+
+    add_reference :identity_providers, :enterprise_account, type: :uuid, index: true    
+    add_reference :users, :enterprise_account, type: :uuid, index: true
+  end
+end