osso 0.0.3.9 → 0.0.3.14

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3f0c8535a6ba6dd39ada0f3ba0aa0617ff96bd880ef6985149c0ecbeca57bc1a
-  data.tar.gz: da6bec63d5e071b1c0520e42cd67c3971851445bfad8ec597f1b9d1aef0759d8
+  metadata.gz: e7d4ef2f0655df3347758666ae0dff639659842ef02bb854de42630871cfc3e3
+  data.tar.gz: 9f77a13360c0ef5f0a2664b3294b1d8997f21b5b29468b3954dd33c569e46f0f
 SHA512:
-  metadata.gz: 3e3938abd7b541d6e272cb1b1420e9f4dc75738edd763cc1c35e82db4b315852c125f268ad8ed36528373252c23bdea79b7ac865711abb1c52159cae709c47c5
-  data.tar.gz: fa63314128c1833ddd1136ea1cdacee8e8f4cbfb92a6eaffc0c8ae8dfc0ccb93b62effcac55e0cf916033a32cd1941e5ea915959f032ed6a983133711f4610e0
+  metadata.gz: b4608569393ebd919ce87c15c033128480ff69aa75c7a5fb0d72bd195be33c088f8466a29a3b89e6a130e07988ab8908500a622644ab98edc13eb3b486099528
+  data.tar.gz: 6a38a9607747ab062a1597f600dd7ac53bacfe22dbfd487e1ba657ceb2123dbb8241ad8ec016c03460425a66be1a1d7c333ca92234ffc78999204e5804af0a9f

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    osso (0.0.3.9)
+    osso (0.0.3.14)
       activesupport (>= 6.0.3.2)
       graphql
       jwt

data/lib/osso/graphql/mutation.rb

@@ -12,6 +12,8 @@ module Osso
         field :create_oauth_client, mutation: Mutations::CreateOauthClient
         field :delete_enterprise_account, mutation: Mutations::DeleteEnterpriseAccount
         field :delete_oauth_client, mutation: Mutations::DeleteOauthClient
+        field :set_redirect_uris, mutation: Mutations::SetRedirectUris
+        field :regenerate_oauth_credentials, mutation: Mutations::RegenerateOauthCredentials
       end
     end
   end

data/lib/osso/graphql/mutations.rb

@@ -12,3 +12,5 @@ require_relative 'mutations/create_enterprise_account'
 require_relative 'mutations/create_oauth_client'
 require_relative 'mutations/delete_enterprise_account'
 require_relative 'mutations/delete_oauth_client'
+require_relative 'mutations/regenerate_oauth_credentials'
+require_relative 'mutations/set_redirect_uris'

data/lib/osso/graphql/mutations/regenerate_oauth_credentials.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Mutations
+      class RegenerateOauthCredentials < BaseMutation
+        null false
+
+        argument :id, ID, required: true
+
+        field :oauth_client, Types::OauthClient, null: false
+        field :errors, [String], null: false
+
+        def resolve(id:)
+          oauth_client = Osso::Models::OauthClient.find(id)
+          oauth_client.generate_secrets
+
+          return response_data(oauth_client: oauth_client) if oauth_client.save
+
+          response_error(errors: oauth_client.errors.full_messages)
+        end
+
+        def ready?(*)
+          return true if context[:scope] == :admin
+
+          raise ::GraphQL::ExecutionError, 'Only admin users may mutate OauthClients'
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/mutations/set_redirect_uris.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Mutations
+      class SetRedirectUris < BaseMutation
+        null false
+
+        argument :id, ID, required: true
+        argument :redirect_uris, [Types::RedirectUrisInput], required: true
+
+        field :oauth_client, Types::OauthClient, null: true
+        field :errors, [String], null: false
+
+        def resolve(id:, redirect_uris:)
+          oauth_client = Osso::Models::OauthClient.find(id)
+
+          update_existing(oauth_client, redirect_uris)
+          create_new(oauth_client, redirect_uris)
+
+          response_data(oauth_client: oauth_client.reload)
+        rescue StandardError => e
+          response_error(errors: e)
+        end
+
+        def ready?(*)
+          return true if context[:scope] == :admin
+
+          raise ::GraphQL::ExecutionError, 'Only admin users may mutate OauthClients'
+        end
+
+        def update_existing(oauth_client, redirect_uris)
+          oauth_client.redirect_uris.each do |redirect|
+            updating_index = redirect_uris.index{ |incoming| incoming[:id] == redirect.id }
+
+            if updating_index
+              updating = redirect_uris.delete_at(updating_index)
+              redirect.update(updating.to_h)
+              next
+            end
+
+            redirect.destroy
+          end
+        end
+
+        def create_new(oauth_client, redirect_uris)
+          redirect_uris.map do |uri|
+            oauth_client.redirect_uris.create(uri.to_h.without(:id))
+          end
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/query.rb

@@ -4,13 +4,17 @@ module Osso
   module GraphQL
     module Types
       class QueryType < ::GraphQL::Schema::Object
-        field :enterprise_accounts, null: true, resolver: Resolvers::EnterpriseAccounts
-        field :oauth_clients, null: true, resolver: Resolvers::OAuthClients
+        field :enterprise_accounts, null: true, resolver: Resolvers::EnterpriseAccounts do
+          argument :sort_column, String, required: false
+          argument :sort_order, String, required: false
+        end
 
         field :enterprise_account, null: true, resolver: Resolvers::EnterpriseAccount do
           argument :domain, String, required: true
         end
 
+        field :oauth_clients, null: true, resolver: Resolvers::OAuthClients
+
         field(
           :identity_provider,
           Types::IdentityProvider,
@@ -19,6 +23,15 @@ module Osso
         ) do
           argument :id, ID, required: true
         end
+
+        field(
+          :oauth_client,
+          Types::OauthClient,
+          null: true,
+          resolve: ->(_obj, args, _context) { Osso::Models::OauthClient.find(args[:id]) },
+        ) do
+          argument :id, ID, required: true
+        end
       end
     end
   end

data/lib/osso/graphql/resolvers/enterprise_accounts.rb

@@ -4,12 +4,20 @@ module Osso
   module GraphQL
     module Resolvers
       class EnterpriseAccounts < ::GraphQL::Schema::Resolver
-        type [Types::EnterpriseAccount], null: true
+        type Types::EnterpriseAccount.connection_type, null: true
 
-        def resolve
-          return Osso::Models::EnterpriseAccount.all if context[:scope] == :admin
+        def resolve(sort_column: nil, sort_order: nil)
+          return Array(Osso::Models::EnterpriseAccount.find_by(domain: context[:scope])) if context[:scope] != :admin
 
-          Array(Osso::Models::EnterpriseAccount.find_by(domain: context[:scope]))
+          accounts = Osso::Models::EnterpriseAccount
+
+          accounts = accounts.order(sort_column => sort_order_sym(sort_order)) if sort_column && sort_order
+
+          accounts.all
+        end
+
+        def sort_order_sym(order_string)
+          order_string == 'ascend' ? :asc : :desc
         end
       end
     end

data/lib/osso/graphql/types.rb

@@ -5,6 +5,7 @@ module Osso
   end
 end
 
+require_relative 'types/base_connection'
 require_relative 'types/base_object'
 require_relative 'types/base_enum'
 require_relative 'types/base_input_object'
@@ -12,5 +13,7 @@ require_relative 'types/identity_provider_service'
 require_relative 'types/identity_provider_status'
 require_relative 'types/identity_provider'
 require_relative 'types/enterprise_account'
+require_relative 'types/redirect_uri'
+require_relative 'types/redirect_uri_input'
 require_relative 'types/oauth_client'
 require_relative 'types/user'

data/lib/osso/graphql/types/base_connection.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Types
+      class BaseConnection < ::GraphQL::Types::Relay::BaseConnection
+        field :total_count, Integer, null: false
+
+        def total_count
+          object.items&.count
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/types/base_object.rb

@@ -6,6 +6,8 @@ module Osso
   module GraphQL
     module Types
       class BaseObject < ::GraphQL::Schema::Object
+        connection_type_class GraphQL::Types::BaseConnection
+
         field :created_at, ::GraphQL::Types::ISO8601DateTime, null: false
         field :updated_at, ::GraphQL::Types::ISO8601DateTime, null: false
       end

data/lib/osso/graphql/types/oauth_client.rb

@@ -14,6 +14,7 @@ module Osso
         field :name, String, null: false
         field :client_id, String, null: false
         field :client_secret, String, null: false
+        field :redirect_uris, [Types::RedirectUri], null: true
 
         def client_id
           object.identifier

data/lib/osso/graphql/types/redirect_uri.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'graphql'
+
+module Osso
+  module GraphQL
+    module Types
+      class RedirectUri < Types::BaseObject
+        description 'An allowed redirect URI for an OauthClient'
+        implements ::GraphQL::Types::Relay::Node
+
+        global_id_field :gid
+        field :id, ID, null: false
+        field :uri, String, null: false
+        field :primary, Boolean, null: false
+
+        def self.authorized?(object, context)
+          super && context[:scope] == :admin
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/types/redirect_uri_input.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require 'graphql'
+
+module Osso
+  module GraphQL
+    module Types
+      class RedirectUrisInput < Types::BaseInputObject
+        description 'Attributes for creating or updating a collection of redirect URIs for an Oauth Client'
+        argument :id, ID, 'Database ID', required: false
+        argument :uri, String, 'URI value', required: true
+        argument :primary, Boolean, 'Whether the URI is the primary uri used in IDP initiated login', required: true
+      end
+    end
+  end
+end

data/lib/osso/helpers/auth.rb

@@ -14,6 +14,8 @@ module Osso
         redirect ENV['JWT_URL']
       end
 
+      # use client id in payload to restrict customer
+      # users from accessing dev?
       def enterprise_authorized?(_domain)
         payload, _args = decode(token)
 

data/lib/osso/models/oauth_client.rb

@@ -9,11 +9,11 @@ module Osso
       has_many :identity_providers
       has_many :redirect_uris
 
-      before_validation :setup, on: :create
+      before_validation :generate_secrets, on: :create
       validates :name, :secret, presence: true
       validates :identifier, presence: true, uniqueness: true
 
-      def default_redirect_uri
+      def primary_redirect_uri
         redirect_uris.find(&:primary)
       end
 
@@ -21,9 +21,7 @@ module Osso
         redirect_uris.map(&:uri)
       end
 
-      private
-
-      def setup
+      def generate_secrets
         self.identifier = SecureRandom.hex(16)
         self.secret = SecureRandom.hex(32)
       end

data/lib/osso/routes/admin.rb

@@ -36,6 +36,12 @@ module Osso
 
         erb :admin
       end
+
+      get '/config/:id' do
+        admin_protected!
+
+        erb :admin
+      end
     end
   end
 end

data/lib/osso/routes/auth.rb

@@ -23,7 +23,7 @@ module Osso
         self,
         provider_name: 'saml',
         identity_provider_id_regex: UUID_REGEXP,
-        path_prefix: '/saml',
+        path_prefix: '/auth/saml',
         callback_suffix: 'callback',
       ) do |identity_provider_id, _env|
         provider = Models::IdentityProvider.find(identity_provider_id)
@@ -40,7 +40,7 @@ module Osso
       post '/saml/:id/callback' do
         provider = Models::IdentityProvider.find(params[:id])
         oauth_client = provider.oauth_client
-        redirect_uri = env['redirect_uri'] || oauth_client.default_redirect_uri.uri
+        redirect_uri = env['redirect_uri'] || oauth_client.primary_redirect_uri.uri
 
         attributes = env['omniauth.auth']&.
           extra&.

data/lib/osso/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Osso
-  VERSION = '0.0.3.9'
+  VERSION = '0.0.3.14'
 end

data/spec/graphql/query/enterprise_accounts_spec.rb

@@ -7,37 +7,51 @@ describe Osso::GraphQL::Schema do
     describe 'for an admin user' do
       let(:current_scope) { :admin }
 
-      it 'returns Enterprise Accounts' do
-        create_list(:enterprise_account, 2)
+      it 'returns paginated Enterprise Accounts' do
+        %w[A B C].map do |name|
+          create(:enterprise_account, name: name)
+        end
 
         query = <<~GRAPHQL
-          query EnterpriseAccounts {
-            enterpriseAccounts {
-              domain
-              id
-              identityProviders {
-                id
-                service
-                domain
-                acsUrl
-                ssoCert
-                ssoUrl
-                status
+          query EnterpriseAccounts($first: Int, $sortColumn: String, $sortOrder: String) {
+            enterpriseAccounts(first: $first, sortColumn: $sortColumn, sortOrder: $sortOrder) {
+              pageInfo {
+                hasNextPage
+                endCursor
+              }
+              totalCount
+              edges {
+                node {
+                  domain
+                  id
+                  identityProviders {
+                    id
+                    service
+                    domain
+                    acsUrl
+                    ssoCert
+                    ssoUrl
+                    status
+                  }
+                  name
+                  status
+                }
               }
-              name
-              status
             }
           }
         GRAPHQL
 
         response = described_class.execute(
           query,
-          variables: nil,
+          variables: { first: 2, sortOrder: 'descending', sortColumn: 'name' },
           context: { scope: current_scope },
         )
 
         expect(response['errors']).to be_nil
-        expect(response.dig('data', 'enterpriseAccounts').count).to eq(2)
+        expect(response.dig('data', 'enterpriseAccounts', 'edges').count).to eq(2)
+        expect(response.dig('data', 'enterpriseAccounts', 'edges', 0, 'node', 'name')).to eq('C')
+        expect(response.dig('data', 'enterpriseAccounts', 'totalCount')).to eq(3)
+        expect(response.dig('data', 'enterpriseAccounts', 'pageInfo', 'hasNextPage')).to eq(true)
       end
     end
   end

data/spec/routes/auth_spec.rb

@@ -3,6 +3,31 @@
 require 'spec_helper'
 
 describe Osso::Auth do
+  describe 'get /auth/saml/:uuid' do
+    describe 'for an Okta SAML provider' do
+      let(:enterprise) { create(:enterprise_with_okta) }
+      let(:okta_provider) { enterprise.identity_providers.first }
+      it 'uses omniauth saml' do
+        get("/auth/saml/#{okta_provider.id}")
+
+        expect(last_response).to be_redirect
+        follow_redirect!
+        expect(last_request.url).to match("auth/saml/#{okta_provider.id}")
+      end
+    end
+
+    describe 'for an Azure SAML provider' do
+      let(:enterprise) { create(:enterprise_with_okta) }
+      let(:azure_provider) { enterprise.identity_providers.first }
+      it 'uses omniauth saml' do
+        get("/auth/saml/#{azure_provider.id}")
+
+        expect(last_response).to be_redirect
+        follow_redirect!
+        expect(last_request.url).to match("auth/saml/#{azure_provider.id}")
+      end
+    end
+  end
   describe 'post /auth/saml/:uuid/callback' do
     describe 'for an Okta SAML provider' do
       let(:enterprise) { create(:enterprise_with_okta) }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: osso
 version: !ruby/object:Gem::Version
-  version: 0.0.3.9
+  version: 0.0.3.14
 platform: ruby
 authors:
 - Sam Bauch
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-07-24 00:00:00.000000000 Z
+date: 2020-08-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -278,6 +278,8 @@ files:
 - lib/osso/graphql/mutations/create_oauth_client.rb
 - lib/osso/graphql/mutations/delete_enterprise_account.rb
 - lib/osso/graphql/mutations/delete_oauth_client.rb
+- lib/osso/graphql/mutations/regenerate_oauth_credentials.rb
+- lib/osso/graphql/mutations/set_redirect_uris.rb
 - lib/osso/graphql/query.rb
 - lib/osso/graphql/resolvers.rb
 - lib/osso/graphql/resolvers/enterprise_account.rb
@@ -285,6 +287,7 @@ files:
 - lib/osso/graphql/resolvers/oauth_clients.rb
 - lib/osso/graphql/schema.rb
 - lib/osso/graphql/types.rb
+- lib/osso/graphql/types/base_connection.rb
 - lib/osso/graphql/types/base_enum.rb
 - lib/osso/graphql/types/base_input_object.rb
 - lib/osso/graphql/types/base_object.rb
@@ -293,6 +296,8 @@ files:
 - lib/osso/graphql/types/identity_provider_service.rb
 - lib/osso/graphql/types/identity_provider_status.rb
 - lib/osso/graphql/types/oauth_client.rb
+- lib/osso/graphql/types/redirect_uri.rb
+- lib/osso/graphql/types/redirect_uri_input.rb
 - lib/osso/graphql/types/user.rb
 - lib/osso/helpers/auth.rb
 - lib/osso/helpers/helpers.rb