osso 0.0.3.8 → 0.0.3.13

Sign up to get free protection for your applications and to get access to all the features.
Files changed (52) hide show
  1. checksums.yaml +4 -4
  2. data/.buildkite/pipeline.yml +5 -3
  3. data/Gemfile.lock +5 -1
  4. data/bin/annotate +1 -0
  5. data/db/schema.rb +9 -43
  6. data/lib/osso/db/migrate/20200723153750_add_missing_timestamps.rb +35 -0
  7. data/lib/osso/db/migrate/20200723162228_drop_unneeded_tables.rb +9 -0
  8. data/lib/osso/graphql/mutation.rb +7 -1
  9. data/lib/osso/graphql/mutations.rb +5 -1
  10. data/lib/osso/graphql/mutations/configure_identity_provider.rb +1 -1
  11. data/lib/osso/graphql/mutations/create_oauth_client.rb +30 -0
  12. data/lib/osso/graphql/mutations/delete_enterprise_account.rb +34 -0
  13. data/lib/osso/graphql/mutations/delete_oauth_client.rb +30 -0
  14. data/lib/osso/graphql/mutations/regenerate_oauth_credentials.rb +31 -0
  15. data/lib/osso/graphql/mutations/set_redirect_uris.rb +54 -0
  16. data/lib/osso/graphql/query.rb +15 -2
  17. data/lib/osso/graphql/resolvers/enterprise_accounts.rb +12 -4
  18. data/lib/osso/graphql/resolvers/oauth_clients.rb +1 -1
  19. data/lib/osso/graphql/types.rb +3 -0
  20. data/lib/osso/graphql/types/base_connection.rb +15 -0
  21. data/lib/osso/graphql/types/base_object.rb +4 -0
  22. data/lib/osso/graphql/types/oauth_client.rb +14 -1
  23. data/lib/osso/graphql/types/redirect_uri.rb +23 -0
  24. data/lib/osso/graphql/types/redirect_uri_input.rb +16 -0
  25. data/lib/osso/helpers/auth.rb +13 -12
  26. data/lib/osso/models/access_token.rb +18 -0
  27. data/lib/osso/models/authorization_code.rb +20 -0
  28. data/lib/osso/models/enterprise_account.rb +20 -0
  29. data/lib/osso/models/identity_provider.rb +22 -1
  30. data/lib/osso/models/models.rb +2 -0
  31. data/lib/osso/models/oauth_client.rb +20 -6
  32. data/lib/osso/models/redirect_uri.rb +17 -0
  33. data/lib/osso/models/user.rb +22 -0
  34. data/lib/osso/routes/admin.rb +6 -0
  35. data/lib/osso/routes/auth.rb +2 -2
  36. data/lib/osso/version.rb +1 -1
  37. data/osso-rb.gemspec +1 -0
  38. data/spec/factories/identity_providers.rb +22 -0
  39. data/spec/graphql/mutations/configure_identity_provider_spec.rb +1 -1
  40. data/spec/graphql/mutations/create_oauth_client_spec.rb +55 -0
  41. data/spec/graphql/mutations/delete_enterprise_account_spec.rb +63 -0
  42. data/spec/graphql/mutations/delete_oauth_client_spec.rb +51 -0
  43. data/spec/graphql/query/enterprise_accounts_spec.rb +32 -18
  44. data/spec/graphql/query/identity_provider_spec.rb +1 -1
  45. data/spec/graphql/query/{oauth_clients_account_spec.rb → oauth_clients_spec.rb} +2 -0
  46. data/spec/routes/auth_spec.rb +25 -0
  47. metadata +32 -8
  48. data/lib/osso/db/migrate/20200328143303_create_oauth_tables.rb +0 -57
  49. data/lib/osso/graphql/mutations/set_identity_provider.rb +0 -27
  50. data/lib/osso/models/saml_provider.rb +0 -49
  51. data/lib/osso/models/saml_providers/azure_saml_provider.rb +0 -22
  52. data/lib/osso/models/saml_providers/okta_saml_provider.rb +0 -23
data/lib/osso/db/migrate/20200328143303_create_oauth_tables.rb DELETED
@@ -1,57 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- class CreateOauthTables < ActiveRecord::Migration[6.0]
4
- def change
5
- create_table :oauth_applications, id: :uuid do |t|
6
- t.string :name, null: false
7
- t.string :secret, null: false
8
- t.text :redirect_uri, null: false
9
- t.string :scopes, null: false, default: ''
10
- t.boolean :confidential, null: false, default: true
11
- t.timestamps null: false
12
- end
13
-
14
- create_table :oauth_access_grants, id: :uuid do |t|
15
- t.uuid :resource_owner_id, null: false
16
- t.references :application, type: :uuid, null: false
17
- t.string :token, null: false
18
- t.integer :expires_in, null: false
19
- t.text :redirect_uri, null: false
20
- t.datetime :created_at, null: false
21
- t.datetime :revoked_at
22
- t.string :scopes, null: false, default: ''
23
- end
24
-
25
- add_index :oauth_access_grants, :token, unique: true
26
- add_foreign_key(
27
- :oauth_access_grants,
28
- :oauth_applications,
29
- column: :application_id
30
- )
31
-
32
- create_table :oauth_access_tokens, id: :uuid do |t|
33
- t.uuid :resource_owner_id
34
- t.references :application, type: :uuid
35
- t.string :token, null: false
36
-
37
- t.string :refresh_token
38
- t.integer :expires_in
39
- t.datetime :revoked_at
40
- t.datetime :created_at, null: false
41
- t.string :scopes
42
-
43
- t.string :previous_refresh_token, null: false, default: ''
44
- end
45
-
46
- add_index :oauth_access_tokens, :token, unique: true
47
- add_index :oauth_access_tokens, :refresh_token, unique: true
48
- add_foreign_key(
49
- :oauth_access_tokens,
50
- :oauth_applications,
51
- column: :application_id
52
- )
53
-
54
- add_foreign_key :oauth_access_grants, :users, column: :resource_owner_id
55
- add_foreign_key :oauth_access_tokens, :users, column: :resource_owner_id
56
- end
57
- end
data/lib/osso/graphql/mutations/set_identity_provider.rb DELETED
@@ -1,27 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module Osso
4
- module GraphQL
5
- module Mutations
6
- class SetSamlProvider < BaseMutation
7
- null false
8
-
9
- argument :provider, Types::IdentityProviderService, required: true
10
- argument :id, ID, required: true
11
-
12
- field :identity_provider, Types::IdentityProvider, null: false
13
- field :errors, [String], null: false
14
-
15
- def resolve(provider:, id:)
16
- identity_provider = Osso::Models::IdentityProvider.find(id)
17
- identity_provider.service = provider
18
- identity_provider.save!
19
- {
20
- identity_provider: identity_provider,
21
- errors: [],
22
- }
23
- end
24
- end
25
- end
26
- end
27
- end
data/lib/osso/models/saml_provider.rb DELETED
@@ -1,49 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module Osso
4
- module Models
5
- # Base class for SAML Providers
6
- class IdentityProvider < ActiveRecord::Base
7
- NAME_FORMAT = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
8
- belongs_to :enterprise_account
9
- belongs_to :oauth_client
10
- has_many :users
11
-
12
- before_create :create_enterprise_account
13
-
14
- # def name
15
- # raise(
16
- # NoMethodError,
17
- # '#name must be defined on each provider specific subclass',
18
- # )
19
- # end
20
-
21
- # def saml_options
22
- # raise(
23
- # NoMethodError,
24
- # '#saml_options must be defined on each provider specific subclass',
25
- # )
26
- # end
27
-
28
- def assertion_consumer_service_url
29
- [
30
- ENV.fetch('BASE_URL'),
31
- 'auth',
32
- 'saml',
33
- id,
34
- 'callback',
35
- ].join('/')
36
- end
37
-
38
- alias acs_url assertion_consumer_service_url
39
-
40
- def create_enterprise_account
41
- return if enterprise_account_id
42
-
43
- self.enterprise_account = Models::EnterpriseAccount.create(
44
- domain: domain,
45
- )
46
- end
47
- end
48
- end
49
- end
data/lib/osso/models/saml_providers/azure_saml_provider.rb DELETED
@@ -1,22 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module Osso
4
- module Models
5
- # Subclass for Azure / ADFS IDP instances
6
- class AzureSamlProvider < Models::IdentityProvider
7
- def name
8
- 'Azure'
9
- end
10
-
11
- def saml_options
12
- attributes.slice(
13
- 'domain',
14
- 'idp_cert',
15
- 'idp_sso_target_url',
16
- ).merge(
17
- issuer: "id:#{id}",
18
- ).symbolize_keys
19
- end
20
- end
21
- end
22
- end
data/lib/osso/models/saml_providers/okta_saml_provider.rb DELETED
@@ -1,23 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module Osso
4
- module Models
5
- # Subclass for Okta IDP instances
6
- class OktaSamlProvider < Models::IdentityProvider
7
- def name
8
- 'Okta'
9
- end
10
-
11
- def saml_options
12
- attributes.slice(
13
- 'domain',
14
- 'idp_cert',
15
- 'idp_sso_target_url',
16
- ).merge(
17
- issuer: id,
18
- name_identifier_format: NAME_FORMAT,
19
- ).symbolize_keys
20
- end
21
- end
22
- end
23
- end