osso 0.0.3.8 → 0.0.3.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 73de8a2c5af9b7d62c94a5ed34c094455dc9b49b7345eb252308f7048e1164c0
-  data.tar.gz: c37913b5f3a857245d588ad03155ece0c5aca99c22c4c56069f50d442cb74db5
+  metadata.gz: 3f0c8535a6ba6dd39ada0f3ba0aa0617ff96bd880ef6985149c0ecbeca57bc1a
+  data.tar.gz: da6bec63d5e071b1c0520e42cd67c3971851445bfad8ec597f1b9d1aef0759d8
 SHA512:
-  metadata.gz: 3047a07787aa764d105e77580846d60a943d4bd859baed5c861aebd8face6fb461342f3cccc01cc58e33d66310ba0d852185605fea09eb54d21c126aa149230c
-  data.tar.gz: f61b3e5aa31946a69512762601d08ecc021be26a56df0b182fc826d53e7be0836ea019c90ad09fc6b927dc3b37ee8efbc01e6145c0c4af4ff97198b9cd89828c
+  metadata.gz: 3e3938abd7b541d6e272cb1b1420e9f4dc75738edd763cc1c35e82db4b315852c125f268ad8ed36528373252c23bdea79b7ac865711abb1c52159cae709c47c5
+  data.tar.gz: fa63314128c1833ddd1136ea1cdacee8e8f4cbfb92a6eaffc0c8ae8dfc0ccb93b62effcac55e0cf916033a32cd1941e5ea915959f032ed6a983133711f4610e0

data/.buildkite/pipeline.yml

@@ -1,6 +1,8 @@
 steps:
   - name: ":rspec:"
     commands: 
-        - "bundle install"
-        - "bundle exec rake db:test:prepare"
-        - "bundle exec rspec"
+      - bundle install
+      - bundle exec rake db:drop
+      - bundle exec rake db:create
+      - RACK_ENV=test bundle exec rake db:migrate
+      - bundle exec rspec

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    osso (0.0.3.8)
+    osso (0.0.3.9)
       activesupport (>= 6.0.3.2)
       graphql
       jwt
@@ -32,6 +32,9 @@ GEM
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
     aes_key_wrap (1.0.1)
+    annotate (3.1.1)
+      activerecord (>= 3.2, < 7.0)
+      rake (>= 10.4, < 14.0)
     ast (2.4.1)
     attr_required (1.0.1)
     backports (3.18.1)
@@ -160,6 +163,7 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  annotate (~> 3.1)
   bundler (~> 2.1)
   database_cleaner-active_record
   factory_bot

data/bin/annotate

@@ -0,0 +1 @@
+annotate --require osso.rb  --models --model-dir ./lib/osso/models/ --position bottom -k -i

data/db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2020_07_22_230116) do
+ActiveRecord::Schema.define(version: 2020_07_23_162228) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "pgcrypto"
@@ -47,6 +47,8 @@ ActiveRecord::Schema.define(version: 2020_07_22_230116) do
     t.string "external_id"
     t.uuid "oauth_client_id"
     t.string "name", null: false
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
     t.index ["domain"], name: "index_enterprise_accounts_on_domain", unique: true
     t.index ["oauth_client_id"], name: "index_enterprise_accounts_on_oauth_client_id"
   end
@@ -54,48 +56,12 @@ ActiveRecord::Schema.define(version: 2020_07_22_230116) do
 # Could not dump table "identity_providers" because of following StandardError
 #   Unknown type 'identity_provider_status' for column 'status'
 
-  create_table "oauth_access_grants", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
-    t.uuid "resource_owner_id", null: false
-    t.uuid "application_id", null: false
-    t.string "token", null: false
-    t.integer "expires_in", null: false
-    t.text "redirect_uri", null: false
-    t.datetime "created_at", null: false
-    t.datetime "revoked_at"
-    t.string "scopes", default: "", null: false
-    t.index ["application_id"], name: "index_oauth_access_grants_on_application_id"
-    t.index ["token"], name: "index_oauth_access_grants_on_token", unique: true
-  end
-
-  create_table "oauth_access_tokens", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
-    t.uuid "resource_owner_id"
-    t.uuid "application_id"
-    t.string "token", null: false
-    t.string "refresh_token"
-    t.integer "expires_in"
-    t.datetime "revoked_at"
-    t.datetime "created_at", null: false
-    t.string "scopes"
-    t.string "previous_refresh_token", default: "", null: false
-    t.index ["application_id"], name: "index_oauth_access_tokens_on_application_id"
-    t.index ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true
-    t.index ["token"], name: "index_oauth_access_tokens_on_token", unique: true
-  end
-
-  create_table "oauth_applications", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
-    t.string "name", null: false
-    t.string "secret", null: false
-    t.text "redirect_uri", null: false
-    t.string "scopes", default: "", null: false
-    t.boolean "confidential", default: true, null: false
-    t.datetime "created_at", precision: 6, null: false
-    t.datetime "updated_at", precision: 6, null: false
-  end
-
   create_table "oauth_clients", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
     t.string "name", null: false
     t.string "secret", null: false
     t.string "identifier", null: false
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
     t.index ["identifier"], name: "index_oauth_clients_on_identifier", unique: true
   end
 
@@ -103,6 +69,8 @@ ActiveRecord::Schema.define(version: 2020_07_22_230116) do
     t.string "uri", null: false
     t.boolean "primary", default: false, null: false
     t.uuid "oauth_client_id"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
     t.index ["oauth_client_id"], name: "index_redirect_uris_on_oauth_client_id"
     t.index ["uri", "primary"], name: "index_redirect_uris_on_uri_and_primary", unique: true
   end
@@ -112,13 +80,11 @@ ActiveRecord::Schema.define(version: 2020_07_22_230116) do
     t.string "idp_id", null: false
     t.uuid "identity_provider_id"
     t.uuid "enterprise_account_id"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
     t.index ["email", "idp_id"], name: "index_users_on_email_and_idp_id", unique: true
     t.index ["enterprise_account_id"], name: "index_users_on_enterprise_account_id"
   end
 
-  add_foreign_key "oauth_access_grants", "oauth_applications", column: "application_id"
-  add_foreign_key "oauth_access_grants", "users", column: "resource_owner_id"
-  add_foreign_key "oauth_access_tokens", "oauth_applications", column: "application_id"
-  add_foreign_key "oauth_access_tokens", "users", column: "resource_owner_id"
   add_foreign_key "users", "identity_providers"
 end

data/lib/osso/db/migrate/20200723153750_add_missing_timestamps.rb

@@ -0,0 +1,35 @@
+class AddMissingTimestamps < ActiveRecord::Migration[6.0]
+  def change
+    add_column :enterprise_accounts, :created_at, :timestamp
+    add_column :enterprise_accounts, :updated_at, :timestamp
+    update "UPDATE enterprise_accounts SET created_at = NOW(), updated_at = NOW()"    
+    change_column_null :enterprise_accounts, :created_at, false
+    change_column_null :enterprise_accounts, :updated_at, false
+
+
+    add_column :identity_providers, :created_at, :timestamp
+    add_column :identity_providers, :updated_at, :timestamp
+    update "UPDATE enterprise_accounts SET created_at = NOW(), updated_at = NOW()"    
+    change_column_null :enterprise_accounts, :created_at, false
+    change_column_null :enterprise_accounts, :updated_at, false
+
+    add_column :oauth_clients, :created_at, :timestamp
+    add_column :oauth_clients, :updated_at, :timestamp
+    update "UPDATE oauth_clients SET created_at = NOW(), updated_at = NOW()"    
+    change_column_null :oauth_clients, :created_at, false
+    change_column_null :oauth_clients, :updated_at, false
+
+    add_column :redirect_uris, :created_at, :timestamp
+    add_column :redirect_uris, :updated_at, :timestamp
+    update "UPDATE redirect_uris SET created_at = NOW(), updated_at = NOW()"    
+    change_column_null :redirect_uris, :created_at, false
+    change_column_null :redirect_uris, :updated_at, false
+
+    add_column :users, :created_at, :timestamp
+    add_column :users, :updated_at, :timestamp
+    update "UPDATE users SET created_at = NOW(), updated_at = NOW()"    
+    change_column_null :users, :created_at, false
+    change_column_null :users, :updated_at, false
+
+  end
+end

data/lib/osso/db/migrate/20200723162228_drop_unneeded_tables.rb

@@ -0,0 +1,9 @@
+class DropUnneededTables < ActiveRecord::Migration[6.0]
+  def change
+    drop_table(:oauth_grants, if_exists: true)
+    drop_table(:oauth_access_tokens, if_exists: true)
+    drop_table(:oauth_applications, if_exists: true)
+
+
+  end
+end

data/lib/osso/graphql/mutation.rb

@@ -9,7 +9,9 @@ module Osso
         field :configure_identity_provider, mutation: Mutations::ConfigureIdentityProvider, null: true
         field :create_identity_provider, mutation: Mutations::CreateIdentityProvider
         field :create_enterprise_account, mutation: Mutations::CreateEnterpriseAccount
-        field :set_identity_provider, mutation: Mutations::SetSamlProvider
+        field :create_oauth_client, mutation: Mutations::CreateOauthClient
+        field :delete_enterprise_account, mutation: Mutations::DeleteEnterpriseAccount
+        field :delete_oauth_client, mutation: Mutations::DeleteOauthClient
       end
     end
   end

data/lib/osso/graphql/mutations.rb

@@ -9,4 +9,6 @@ require_relative 'mutations/base_mutation'
 require_relative 'mutations/configure_identity_provider'
 require_relative 'mutations/create_identity_provider'
 require_relative 'mutations/create_enterprise_account'
-require_relative 'mutations/set_identity_provider'
+require_relative 'mutations/create_oauth_client'
+require_relative 'mutations/delete_enterprise_account'
+require_relative 'mutations/delete_oauth_client'

data/lib/osso/graphql/mutations/configure_identity_provider.rb

@@ -21,7 +21,7 @@ module Osso
           response_error(errors: provder.errors.messages)
         end
 
-        def ready?(id:, **args)
+        def ready?(id:, **_args)
           return true if context[:scope] == :admin
 
           domain = Osso::Models::IdentityProvider.find(id)&.domain

data/lib/osso/graphql/mutations/create_oauth_client.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Mutations
+      class CreateOauthClient < BaseMutation
+        null false
+
+        argument :name, String, required: true
+
+        field :oauth_client, Types::OauthClient, null: false
+        field :errors, [String], null: false
+
+        def resolve(**args)
+          oauth_client = Osso::Models::OauthClient.new(args)
+
+          return response_data(oauth_client: oauth_client) if oauth_client.save
+
+          response_error(errors: oauth_client.errors.full_messages)
+        end
+
+        def ready?(*)
+          return true if context[:scope] == :admin
+
+          raise ::GraphQL::ExecutionError, 'Only admin users may mutate OauthClients'
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/mutations/delete_enterprise_account.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Mutations
+      class DeleteEnterpriseAccount < BaseMutation
+        null false
+
+        argument :id, ID, required: true
+
+        field :enterprise_account, Types::EnterpriseAccount, null: true
+        field :errors, [String], null: false
+
+        def resolve(id:)
+          enterprise_account = Osso::Models::EnterpriseAccount.find(id)
+
+          return response_data(enterprise_account: nil) if enterprise_account.destroy
+
+          response_error(errors: enterprise_account.errors.full_messages)
+        end
+
+        def ready?(id:)
+          return true if context[:scope] == :admin
+
+          domain = account_domain(id)
+
+          return true if domain == context[:scope]
+
+          raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{domain}"
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/mutations/delete_oauth_client.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Mutations
+      class DeleteOauthClient < BaseMutation
+        null false
+
+        argument :id, ID, required: true
+
+        field :oauth_client, Types::OauthClient, null: true
+        field :errors, [String], null: false
+
+        def resolve(id:)
+          oauth_client = Osso::Models::OauthClient.find(id)
+
+          return response_data(oauth_client: nil) if oauth_client.destroy
+
+          response_error(errors: oauth_client.errors.full_messages)
+        end
+
+        def ready?(*)
+          return true if context[:scope] == :admin
+
+          raise ::GraphQL::ExecutionError, 'Only admin users may mutate OauthClients'
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/resolvers/oauth_clients.rb

@@ -4,7 +4,7 @@ module Osso
   module GraphQL
     module Resolvers
       class OAuthClients < ::GraphQL::Schema::Resolver
-        type [Types::OAuthClient], null: true
+        type [Types::OauthClient], null: true
 
         def resolve
           return Osso::Models::OauthClient.all if context[:scope] == :admin

data/lib/osso/graphql/types/base_object.rb

@@ -6,6 +6,8 @@ module Osso
   module GraphQL
     module Types
       class BaseObject < ::GraphQL::Schema::Object
+        field :created_at, ::GraphQL::Types::ISO8601DateTime, null: false
+        field :updated_at, ::GraphQL::Types::ISO8601DateTime, null: false
       end
     end
   end

data/lib/osso/graphql/types/oauth_client.rb

@@ -5,7 +5,7 @@ require 'graphql'
 module Osso
   module GraphQL
     module Types
-      class OAuthClient < Types::BaseObject
+      class OauthClient < Types::BaseObject
         description 'An OAuth client used to consume Osso SAML users'
         implements ::GraphQL::Types::Relay::Node
 
@@ -14,6 +14,18 @@ module Osso
         field :name, String, null: false
         field :client_id, String, null: false
         field :client_secret, String, null: false
+
+        def client_id
+          object.identifier
+        end
+
+        def client_secret
+          object.secret
+        end
+
+        def self.authorized?(object, context)
+          super && context[:scope] == :admin
+        end
       end
     end
   end

data/lib/osso/helpers/auth.rb

@@ -15,12 +15,7 @@ module Osso
       end
 
       def enterprise_authorized?(_domain)
-        payload, _args = JWT.decode(
-          token,
-          ENV['JWT_HMAC_SECRET'],
-          true,
-          { algorithm: 'HS256' },
-        )
+        payload, _args = decode(token)
 
         @current_scope = payload['scope']
 
@@ -36,12 +31,7 @@ module Osso
       end
 
       def admin_authorized?
-        payload, _args = JWT.decode(
-          token,
-          ENV['JWT_HMAC_SECRET'],
-          true,
-          { algorithm: 'HS256' },
-        )
+        payload, _args = decode(token)
 
         if payload['scope'] == 'admin'
           @current_scope = :admin
@@ -66,6 +56,15 @@ module Osso
 
         redirect request.path
       end
+
+      def decode(token)
+        JWT.decode(
+          token,
+          ENV['JWT_HMAC_SECRET'],
+          true,
+          { algorithm: 'HS256' },
+        )
+      end
     end
   end
 end

data/lib/osso/models/access_token.rb

@@ -27,3 +27,21 @@ module Osso
     end
   end
 end
+
+# == Schema Information
+#
+# Table name: access_tokens
+#
+#  id              :uuid             not null, primary key
+#  token           :string
+#  expires_at      :datetime
+#  created_at      :datetime         not null
+#  updated_at      :datetime         not null
+#  user_id         :uuid
+#  oauth_client_id :uuid
+#
+# Indexes
+#
+#  index_access_tokens_on_oauth_client_id  (oauth_client_id)
+#  index_access_tokens_on_user_id          (user_id)
+#

data/lib/osso/models/authorization_code.rb

@@ -12,3 +12,23 @@ module Osso
     end
   end
 end
+
+# == Schema Information
+#
+# Table name: authorization_codes
+#
+#  id              :uuid             not null, primary key
+#  token           :string
+#  redirect_uri    :string
+#  expires_at      :datetime
+#  created_at      :datetime         not null
+#  updated_at      :datetime         not null
+#  user_id         :uuid
+#  oauth_client_id :uuid
+#
+# Indexes
+#
+#  index_authorization_codes_on_oauth_client_id  (oauth_client_id)
+#  index_authorization_codes_on_token            (token) UNIQUE
+#  index_authorization_codes_on_user_id          (user_id)
+#

data/lib/osso/models/enterprise_account.rb

@@ -26,3 +26,23 @@ module Osso
     end
   end
 end
+
+# == Schema Information
+#
+# Table name: enterprise_accounts
+#
+#  id              :uuid             not null, primary key
+#  domain          :string           not null
+#  external_uuid   :uuid
+#  external_int_id :integer
+#  external_id     :string
+#  oauth_client_id :uuid
+#  name            :string           not null
+#  created_at      :datetime         not null
+#  updated_at      :datetime         not null
+#
+# Indexes
+#
+#  index_enterprise_accounts_on_domain           (domain) UNIQUE
+#  index_enterprise_accounts_on_oauth_client_id  (oauth_client_id)
+#

data/lib/osso/models/identity_provider.rb

@@ -10,7 +10,6 @@ module Osso
       has_many :users
       before_save :set_status
 
-
       def name
         service.titlecase
         # raise(
@@ -54,3 +53,25 @@ module Osso
     end
   end
 end
+
+# == Schema Information
+#
+# Table name: identity_providers
+#
+#  id                    :uuid             not null, primary key
+#  service               :string
+#  domain                :string           not null
+#  sso_url               :string
+#  sso_cert              :text
+#  enterprise_account_id :uuid
+#  oauth_client_id       :uuid
+#  status                :enum             default("PENDING")
+#  created_at            :datetime
+#  updated_at            :datetime
+#
+# Indexes
+#
+#  index_identity_providers_on_domain                 (domain)
+#  index_identity_providers_on_enterprise_account_id  (enterprise_account_id)
+#  index_identity_providers_on_oauth_client_id        (oauth_client_id)
+#

data/lib/osso/models/models.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# -*- SkipSchemaAnnotations
+
 require 'sinatra/activerecord'
 
 module Osso

data/lib/osso/models/oauth_client.rb

@@ -25,8 +25,24 @@ module Osso
 
       def setup
         self.identifier = SecureRandom.hex(16)
-        self.secret = SecureRandom.hex(64)
+        self.secret = SecureRandom.hex(32)
       end
     end
   end
 end
+
+# == Schema Information
+#
+# Table name: oauth_clients
+#
+#  id         :uuid             not null, primary key
+#  name       :string           not null
+#  secret     :string           not null
+#  identifier :string           not null
+#  created_at :datetime         not null
+#  updated_at :datetime         not null
+#
+# Indexes
+#
+#  index_oauth_clients_on_identifier  (identifier) UNIQUE
+#

data/lib/osso/models/redirect_uri.rb

@@ -18,3 +18,20 @@ module Osso
     end
   end
 end
+
+# == Schema Information
+#
+# Table name: redirect_uris
+#
+#  id              :uuid             not null, primary key
+#  uri             :string           not null
+#  primary         :boolean          default(FALSE), not null
+#  oauth_client_id :uuid
+#  created_at      :datetime         not null
+#  updated_at      :datetime         not null
+#
+# Indexes
+#
+#  index_redirect_uris_on_oauth_client_id  (oauth_client_id)
+#  index_redirect_uris_on_uri_and_primary  (uri,primary) UNIQUE
+#

data/lib/osso/models/user.rb

@@ -22,3 +22,25 @@ module Osso
     end
   end
 end
+
+# == Schema Information
+#
+# Table name: users
+#
+#  id                    :uuid             not null, primary key
+#  email                 :string           not null
+#  idp_id                :string           not null
+#  identity_provider_id  :uuid
+#  enterprise_account_id :uuid
+#  created_at            :datetime         not null
+#  updated_at            :datetime         not null
+#
+# Indexes
+#
+#  index_users_on_email_and_idp_id       (email,idp_id) UNIQUE
+#  index_users_on_enterprise_account_id  (enterprise_account_id)
+#
+# Foreign Keys
+#
+#  fk_rails_...  (identity_provider_id => identity_providers.id)
+#

data/lib/osso/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Osso
-  VERSION = '0.0.3.8'
+  VERSION = '0.0.3.9'
 end

data/osso-rb.gemspec

@@ -28,6 +28,7 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency 'sinatra-activerecord'
   spec.add_runtime_dependency 'sinatra-contrib'
 
+  spec.add_development_dependency 'annotate', '~> 3.1'
   spec.add_development_dependency 'bundler', '~> 2.1'
   spec.add_development_dependency 'pry'
 

data/spec/factories/identity_providers.rb

@@ -47,3 +47,25 @@ FactoryBot.define do
     end
   end
 end
+
+# == Schema Information
+#
+# Table name: identity_providers
+#
+#  id                    :uuid             not null, primary key
+#  service               :string
+#  domain                :string           not null
+#  sso_url               :string
+#  sso_cert              :text
+#  enterprise_account_id :uuid
+#  oauth_client_id       :uuid
+#  status                :enum             default("PENDING")
+#  created_at            :datetime
+#  updated_at            :datetime
+#
+# Indexes
+#
+#  index_identity_providers_on_domain                 (domain)
+#  index_identity_providers_on_enterprise_account_id  (enterprise_account_id)
+#  index_identity_providers_on_oauth_client_id        (oauth_client_id)
+#

data/spec/graphql/mutations/configure_identity_provider_spec.rb

@@ -47,7 +47,7 @@ describe Osso::GraphQL::Schema do
       let(:current_scope) { :admin }
       it 'configures an identity provider' do
         expect(subject.dig('data', 'configureIdentityProvider', 'identityProvider', 'status')).
-          to eq('configured')
+          to eq('Configured')
       end
     end
 

data/spec/graphql/mutations/create_oauth_client_spec.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Osso::GraphQL::Schema do
+  describe 'CreateOauthClient' do
+    let(:variables) do
+      {
+        input: {
+          name: Faker::Company.name,
+        },
+      }
+    end
+
+    let(:mutation) do
+      <<~GRAPHQL
+         mutation CreateOauthClient($input: CreateOauthClientInput!) {
+          createOauthClient(input: $input) {
+            oauthClient {
+              id
+              name
+              clientId
+              clientSecret
+            }
+          }
+        }
+      GRAPHQL
+    end
+
+    subject do
+      described_class.execute(
+        mutation,
+        variables: variables,
+        context: { scope: current_scope },
+      )
+    end
+
+    describe 'for an admin user' do
+      let(:current_scope) { :admin }
+      it 'creates an OauthClient' do
+        expect { subject }.to change { Osso::Models::OauthClient.count }.by(1)
+        expect(subject.dig('data', 'createOauthClient', 'oauthClient', 'clientId')).
+          to_not be_nil
+      end
+    end
+
+    describe 'for an email scoped user' do
+      let(:current_scope) { 'foo.com' }
+
+      it 'does not create an OauthClient Account' do
+        expect { subject }.to_not(change { Osso::Models::OauthClient.count })
+      end
+    end
+  end
+end

data/spec/graphql/mutations/delete_enterprise_account_spec.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Osso::GraphQL::Schema do
+  describe 'DeleteEnterpriseAccount' do
+    let(:domain) { Faker::Internet.domain_name }
+    let!(:enterprise_account) { create(:enterprise_account, domain: domain) }
+    let(:variables) do
+      {
+        input: {
+          id: enterprise_account.id,
+        },
+      }
+    end
+
+    let(:mutation) do
+      <<~GRAPHQL
+         mutation DeleteEnterpriseAccount($input: DeleteEnterpriseAccountInput!) {
+          deleteEnterpriseAccount(input: $input) {
+            enterpriseAccount {
+              id
+            }
+          }
+        }
+      GRAPHQL
+    end
+
+    subject do
+      described_class.execute(
+        mutation,
+        variables: variables,
+        context: { scope: current_scope },
+      )
+    end
+
+    describe 'for an admin user' do
+      let(:current_scope) { :admin }
+      it 'deletes an Enterprise Account' do
+        expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(-1)
+        expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount')).
+          to be_nil
+      end
+    end
+
+    describe 'for an email scoped user' do
+      let(:current_scope) { domain }
+
+      it 'deletes the Enterprise Account' do
+        expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(-1)
+        expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount')).
+          to be_nil
+      end
+    end
+    describe 'for the wrong email scoped user' do
+      let(:current_scope) { 'foo.com' }
+
+      it 'does not delete the Enterprise Account' do
+        expect { subject }.to_not(change { Osso::Models::EnterpriseAccount.count })
+      end
+    end
+  end
+end

data/spec/graphql/mutations/delete_oauth_client_spec.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Osso::GraphQL::Schema do
+  describe 'DeleteOauthClient' do
+    let!(:oauth_client) { create(:oauth_client) }
+    let(:variables) do
+      {
+        input: {
+          id: oauth_client.id,
+        },
+      }
+    end
+
+    let(:mutation) do
+      <<~GRAPHQL
+         mutation DeleteOauthClient($input: DeleteOauthClientInput!) {
+          deleteOauthClient(input: $input) {
+            oauthClient {
+              id
+            }
+          }
+        }
+      GRAPHQL
+    end
+
+    subject do
+      described_class.execute(
+        mutation,
+        variables: variables,
+        context: { scope: current_scope },
+      )
+    end
+
+    describe 'for an admin user' do
+      let(:current_scope) { :admin }
+      it 'deletes the OauthClient' do
+        expect { subject }.to change { Osso::Models::OauthClient.count }.by(-1)
+      end
+    end
+
+    describe 'for an email scoped user' do
+      let(:current_scope) { 'foo.com' }
+
+      it 'does not create an OauthClient Account' do
+        expect { subject }.to_not(change { Osso::Models::OauthClient.count })
+      end
+    end
+  end
+end

data/spec/graphql/query/identity_provider_spec.rb

@@ -55,7 +55,7 @@ describe Osso::GraphQL::Schema do
 
     describe 'for the wrong email scoped user' do
       let(:current_scope) { 'bar.com' }
-      
+
       it 'returns Enterprise Account for domain' do
         expect(subject['errors']).to_not be_empty
         expect(subject.dig('data', 'enterpriseAccount')).to be_nil

data/spec/graphql/query/{oauth_clients_account_spec.rb → oauth_clients_spec.rb}

@@ -10,6 +10,8 @@ describe Osso::GraphQL::Schema do
           oauthClients {
             name
             id
+            clientSecret
+            clientId
           }
         }
       GRAPHQL

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: osso
 version: !ruby/object:Gem::Version
-  version: 0.0.3.8
+  version: 0.0.3.9
 platform: ruby
 authors:
 - Sam Bauch
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-07-23 00:00:00.000000000 Z
+date: 2020-07-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -178,6 +178,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: annotate
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -210,6 +224,7 @@ description: This gem includes the main functionality for Osso apps,
 email:
 - sbauch@gmail.com
 executables:
+- annotate
 - console
 - setup
 extensions: []
@@ -229,6 +244,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- bin/annotate
 - bin/console
 - bin/setup
 - config/database.yml
@@ -238,7 +254,6 @@ files:
 - lib/osso/Rakefile
 - lib/osso/db/migrate/20190909230109_enable_uuid.rb
 - lib/osso/db/migrate/20200328135750_create_users.rb
-- lib/osso/db/migrate/20200328143303_create_oauth_tables.rb
 - lib/osso/db/migrate/20200328143305_create_identity_providers.rb
 - lib/osso/db/migrate/20200411184535_add_provider_id_to_users.rb
 - lib/osso/db/migrate/20200411192645_create_enterprise_accounts.rb
@@ -251,6 +266,8 @@ files:
 - lib/osso/db/migrate/20200715154211_rename_idp_fields_on_identity_provider_to_sso.rb
 - lib/osso/db/migrate/20200715205801_add_name_to_enterprise_account.rb
 - lib/osso/db/migrate/20200722230116_add_identity_provider_status_enum_and_use_on_identity_providers.rb
+- lib/osso/db/migrate/20200723153750_add_missing_timestamps.rb
+- lib/osso/db/migrate/20200723162228_drop_unneeded_tables.rb
 - lib/osso/graphql/.DS_Store
 - lib/osso/graphql/mutation.rb
 - lib/osso/graphql/mutations.rb
@@ -258,7 +275,9 @@ files:
 - lib/osso/graphql/mutations/configure_identity_provider.rb
 - lib/osso/graphql/mutations/create_enterprise_account.rb
 - lib/osso/graphql/mutations/create_identity_provider.rb
-- lib/osso/graphql/mutations/set_identity_provider.rb
+- lib/osso/graphql/mutations/create_oauth_client.rb
+- lib/osso/graphql/mutations/delete_enterprise_account.rb
+- lib/osso/graphql/mutations/delete_oauth_client.rb
 - lib/osso/graphql/query.rb
 - lib/osso/graphql/resolvers.rb
 - lib/osso/graphql/resolvers/enterprise_account.rb
@@ -287,9 +306,6 @@ files:
 - lib/osso/models/models.rb
 - lib/osso/models/oauth_client.rb
 - lib/osso/models/redirect_uri.rb
-- lib/osso/models/saml_provider.rb
-- lib/osso/models/saml_providers/azure_saml_provider.rb
-- lib/osso/models/saml_providers/okta_saml_provider.rb
 - lib/osso/models/user.rb
 - lib/osso/rake.rb
 - lib/osso/routes/admin.rb
@@ -310,10 +326,13 @@ files:
 - spec/graphql/mutations/configure_identity_provider_spec.rb
 - spec/graphql/mutations/create_enterprise_account_spec.rb
 - spec/graphql/mutations/create_identity_provider_spec.rb
+- spec/graphql/mutations/create_oauth_client_spec.rb
+- spec/graphql/mutations/delete_enterprise_account_spec.rb
+- spec/graphql/mutations/delete_oauth_client_spec.rb
 - spec/graphql/query/enterprise_account_spec.rb
 - spec/graphql/query/enterprise_accounts_spec.rb
 - spec/graphql/query/identity_provider_spec.rb
-- spec/graphql/query/oauth_clients_account_spec.rb
+- spec/graphql/query/oauth_clients_spec.rb
 - spec/models/azure_saml_provider_spec.rb
 - spec/models/identity_provider_spec.rb
 - spec/models/okta_saml_provider_spec.rb

data/lib/osso/db/migrate/20200328143303_create_oauth_tables.rb

@@ -1,57 +0,0 @@
-# frozen_string_literal: true
-
-class CreateOauthTables < ActiveRecord::Migration[6.0]
-  def change
-    create_table :oauth_applications, id: :uuid do |t|
-      t.string  :name,    null: false
-      t.string  :secret,  null: false
-      t.text    :redirect_uri, null: false
-      t.string  :scopes,       null: false, default: ''
-      t.boolean :confidential, null: false, default: true
-      t.timestamps             null: false
-    end
-
-    create_table :oauth_access_grants, id: :uuid do |t|
-      t.uuid :resource_owner_id, null: false
-      t.references :application, type: :uuid, null: false
-      t.string   :token,             null: false
-      t.integer  :expires_in,        null: false
-      t.text     :redirect_uri,      null: false
-      t.datetime :created_at,        null: false
-      t.datetime :revoked_at
-      t.string   :scopes, null: false, default: ''
-    end
-
-    add_index :oauth_access_grants, :token, unique: true
-    add_foreign_key(
-      :oauth_access_grants,
-      :oauth_applications,
-      column: :application_id
-    )
-
-    create_table :oauth_access_tokens, id: :uuid do |t|
-      t.uuid :resource_owner_id
-      t.references :application, type: :uuid
-      t.string :token, null: false
-
-      t.string   :refresh_token
-      t.integer  :expires_in
-      t.datetime :revoked_at
-      t.datetime :created_at, null: false
-      t.string   :scopes
-
-      t.string   :previous_refresh_token, null: false, default: ''
-    end
-
-    add_index :oauth_access_tokens, :token, unique: true
-    add_index :oauth_access_tokens, :refresh_token, unique: true
-    add_foreign_key(
-      :oauth_access_tokens,
-      :oauth_applications,
-      column: :application_id
-    )
-
-    add_foreign_key :oauth_access_grants, :users, column: :resource_owner_id
-    add_foreign_key :oauth_access_tokens, :users, column: :resource_owner_id
-  end
-end

data/lib/osso/graphql/mutations/set_identity_provider.rb

@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-module Osso
-  module GraphQL
-    module Mutations
-      class SetSamlProvider < BaseMutation
-        null false
-
-        argument :provider, Types::IdentityProviderService, required: true
-        argument :id, ID, required: true
-
-        field :identity_provider, Types::IdentityProvider, null: false
-        field :errors, [String], null: false
-
-        def resolve(provider:, id:)
-          identity_provider = Osso::Models::IdentityProvider.find(id)
-          identity_provider.service = provider
-          identity_provider.save!
-          {
-            identity_provider: identity_provider,
-            errors: [],
-          }
-        end
-      end
-    end
-  end
-end

data/lib/osso/models/saml_provider.rb

@@ -1,49 +0,0 @@
-# frozen_string_literal: true
-
-module Osso
-  module Models
-    # Base class for SAML Providers
-    class IdentityProvider < ActiveRecord::Base
-      NAME_FORMAT = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
-      belongs_to :enterprise_account
-      belongs_to :oauth_client
-      has_many :users
-
-      before_create :create_enterprise_account
-
-      # def name
-      #   raise(
-      #     NoMethodError,
-      #     '#name must be defined on each provider specific subclass',
-      #   )
-      # end
-
-      # def saml_options
-      #   raise(
-      #     NoMethodError,
-      #     '#saml_options must be defined on each provider specific subclass',
-      #   )
-      # end
-
-      def assertion_consumer_service_url
-        [
-          ENV.fetch('BASE_URL'),
-          'auth',
-          'saml',
-          id,
-          'callback',
-        ].join('/')
-      end
-
-      alias acs_url assertion_consumer_service_url
-
-      def create_enterprise_account
-        return if enterprise_account_id
-
-        self.enterprise_account = Models::EnterpriseAccount.create(
-          domain: domain,
-        )
-      end
-    end
-  end
-end

data/lib/osso/models/saml_providers/azure_saml_provider.rb

@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-
-module Osso
-  module Models
-    # Subclass for Azure / ADFS IDP instances
-    class AzureSamlProvider < Models::IdentityProvider
-      def name
-        'Azure'
-      end
-
-      def saml_options
-        attributes.slice(
-          'domain',
-          'idp_cert',
-          'idp_sso_target_url',
-        ).merge(
-          issuer: "id:#{id}",
-        ).symbolize_keys
-      end
-    end
-  end
-end

data/lib/osso/models/saml_providers/okta_saml_provider.rb

@@ -1,23 +0,0 @@
-# frozen_string_literal: true
-
-module Osso
-  module Models
-    # Subclass for Okta IDP instances
-    class OktaSamlProvider < Models::IdentityProvider
-      def name
-        'Okta'
-      end
-
-      def saml_options
-        attributes.slice(
-          'domain',
-          'idp_cert',
-          'idp_sso_target_url',
-        ).merge(
-          issuer: id,
-          name_identifier_format: NAME_FORMAT,
-        ).symbolize_keys
-      end
-    end
-  end
-end