osso 0.0.5.pre.iota → 0.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 235fe13e7b403d95ad9874e9b06d9fa98f57172a079729ee911a00405973613a
-  data.tar.gz: 1d54deb9b34c9db6a6fe14f04945ed31249dfa48b39c7a8be8b68883db5e0761
+  metadata.gz: 13dd15fc9ae37a98f93fdf432534cfb91b04ad6838e799e12e7d77354a90aa0e
+  data.tar.gz: de98a03a7d7580e77b8a664c1bbfc6aba64ab95a46cd894bf09cdc7675d890e2
 SHA512:
-  metadata.gz: 32e88b6b88fda909b392bfe36a9881745b58c894216f72dd0a876068130fb800b764aee9f21e95ca5aab8b683f864f3b3d4087beedbd340a538ea77e25473201
-  data.tar.gz: b81e88465da27da4b3b21de5ff159719ac9f6ce7a61495be6a4d2d7ab38a3d41b4ab4453ac29b123181af61445ef78bf558e9a556a1ef7296170155989a29bf1
+  metadata.gz: e92e3154859aed2e787d103d473c418aefca93560fb2d23be70fe8bfeef284acbcc9debb8e425ce8cb780ae987d7ef7cea94008400235aff41496af1f5177848
+  data.tar.gz: 62e8f00ceab23928294bdbc98f671d480e1c86886de4db9a72c8fadf48e280a250e7860669e33571c0ed761fbad37c51054c5931f06bd009f9bb499fb26f7ccd

data/.buildkite/pipeline.yml

@@ -2,8 +2,10 @@ steps:
   - name: ":rspec:"
     commands: 
       - bundle install
-      - bundle exec rake db:drop
-      - bundle exec rake db:create
+      - dropdb ossorb-development --if-exists
+      - dropdb ossorb-test --if-exists
+      - createdb ossorb-development
+      - createdb ossorb-test
       - RACK_ENV=test bundle exec rake db:migrate
       - bundle exec rspec
     artifact_paths:

data/.rubocop.yml

@@ -79,4 +79,7 @@ Style/Documentation:
   Enabled: false
   Exclude:
     - 'spec/**/*'
-    - 'db/**.*'
+    - 'db/**.*'
+
+Gemspec/RequiredRubyVersion:
+  Enabled: false

data/Gemfile.lock

@@ -1,16 +1,21 @@
 PATH
   remote: .
   specs:
-    osso (0.0.5.pre.theta)
+    osso (0.0.5)
       activesupport (>= 6.0.3.2)
+      bcrypt (~> 3.1.13)
       graphql
       jwt
+      mail (~> 2.7.1)
       omniauth-multi-provider
       omniauth-saml
       rack (>= 2.1.4)
       rack-contrib
       rack-oauth2
       rake
+      rodauth (~> 2.5.0)
+      sequel (~> 5.37.0)
+      sequel-activerecord_connection (~> 0.3)
       sinatra
       sinatra-activerecord
       sinatra-contrib
@@ -18,12 +23,12 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (6.0.3.3)
-      activesupport (= 6.0.3.3)
-    activerecord (6.0.3.3)
-      activemodel (= 6.0.3.3)
-      activesupport (= 6.0.3.3)
-    activesupport (6.0.3.3)
+    activemodel (6.0.3.4)
+      activesupport (= 6.0.3.4)
+    activerecord (6.0.3.4)
+      activemodel (= 6.0.3.4)
+      activesupport (= 6.0.3.4)
+    activesupport (6.0.3.4)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
@@ -37,6 +42,7 @@ GEM
       rake (>= 10.4, < 14.0)
     ast (2.4.1)
     attr_required (1.0.1)
+    bcrypt (3.1.16)
     bindata (2.4.8)
     coderay (1.1.3)
     concurrent-ruby (1.1.7)
@@ -51,7 +57,7 @@ GEM
       activesupport (>= 5.0.0)
     faker (2.14.0)
       i18n (>= 1.6, < 2)
-    graphql (1.11.4)
+    graphql (1.11.6)
     hashdiff (1.0.1)
     hashie (4.1.0)
     httpclient (2.8.3)
@@ -63,7 +69,10 @@ GEM
       aes_key_wrap
       bindata
     jwt (2.2.2)
+    mail (2.7.1)
+      mini_mime (>= 0.1.1)
     method_source (1.0.0)
+    mini_mime (1.0.2)
     mini_portile2 (2.4.0)
     minitest (5.14.2)
     multi_json (1.15.0)
@@ -76,11 +85,11 @@ GEM
       rack (>= 1.6.2, < 3)
     omniauth-multi-provider (0.2.1)
       omniauth
-    omniauth-saml (1.10.2)
+    omniauth-saml (1.10.3)
       omniauth (~> 1.3, >= 1.3.2)
       ruby-saml (~> 1.9)
     parallel (1.19.2)
-    parser (2.7.1.4)
+    parser (2.7.2.0)
       ast (~> 2.4.1)
     pg (1.2.3)
     pry (0.13.1)
@@ -102,36 +111,45 @@ GEM
       rack (>= 1.0, < 3)
     rainbow (3.0.0)
     rake (13.0.1)
-    regexp_parser (1.8.0)
+    regexp_parser (1.8.2)
     rexml (3.2.4)
+    roda (3.37.0)
+      rack
+    rodauth (2.5.0)
+      roda (>= 2.6.0)
+      sequel (>= 4)
     rspec (3.9.0)
       rspec-core (~> 3.9.0)
       rspec-expectations (~> 3.9.0)
       rspec-mocks (~> 3.9.0)
-    rspec-core (3.9.2)
+    rspec-core (3.9.3)
       rspec-support (~> 3.9.3)
-    rspec-expectations (3.9.2)
+    rspec-expectations (3.9.3)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
     rspec-mocks (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
-    rspec-support (3.9.3)
-    rubocop (0.91.0)
+    rspec-support (3.9.4)
+    rubocop (1.1.0)
       parallel (~> 1.10)
-      parser (>= 2.7.1.1)
+      parser (>= 2.7.1.5)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.7)
+      regexp_parser (>= 1.8)
       rexml
-      rubocop-ast (>= 0.4.0, < 1.0)
+      rubocop-ast (>= 1.0.1)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-ast (0.4.2)
-      parser (>= 2.7.1.4)
+    rubocop-ast (1.1.0)
+      parser (>= 2.7.1.5)
     ruby-progressbar (1.10.1)
     ruby-saml (1.11.0)
       nokogiri (>= 1.5.10)
     ruby2_keywords (0.0.2)
+    sequel (5.37.0)
+    sequel-activerecord_connection (0.4.1)
+      activerecord (>= 4.2, < 7)
+      sequel (~> 5.16)
     simplecov (0.17.0)
       docile (~> 1.1)
       json (>= 1.8, < 3)
@@ -142,7 +160,7 @@ GEM
       rack (~> 2.2)
       rack-protection (= 2.1.0)
       tilt (~> 2.0)
-    sinatra-activerecord (2.0.18)
+    sinatra-activerecord (2.0.21)
       activerecord (>= 4.1)
       sinatra (>= 1.0)
     sinatra-contrib (2.1.0)
@@ -156,11 +174,11 @@ GEM
     tzinfo (1.2.7)
       thread_safe (~> 0.1)
     unicode-display_width (1.7.0)
-    webmock (3.9.1)
+    webmock (3.9.3)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    zeitwerk (2.4.0)
+    zeitwerk (2.4.1)
 
 PLATFORMS
   ruby

data/LICENSE

@@ -2,33 +2,31 @@ Business Source License 1.1
 
 Parameters
 
-Licensor:             Samuel Bauch
+Licensor:             EnterpriseOSS, Inc.
 Licensed Work:        osso-rb
-                      The Licensed Work is (c) 2020 Samuel Bauch.
-Additional Use Grant: You may make use of the Licensed Work, provided that you do
-                      not use the Licensed Work in a Single Sign On Management
-                      Service.
-
-                      A "Single Sign On Management Service" is an offering
-                      (be it free or commercial) that uses the Licensed Work
-                      to allow third parties (other than your employees and 
-                      contractors) to access the functionality of the 
-                      Licensed Work such that any fourth parties directly 
-                      benefit from the authentication, configuration, or 
-                      documentation features of the Licensed Work.
-
-                      You thus may only use the Licensed Work in a manner 
-                      whereby parties who directly benefit from the 
-                      authentication, configuration, or documentation features 
-                      of the Licensed Work are yourself, your employees or 
-                      contractors, and your customers or partners.
-
-Change Date:          2023-05-01
+                      The Licensed Work is (c) 2020 EnterpriseOSS, Inc.
+
+Additional Use Grant: You and your Authorized Users may make use of the 
+                      Licensed Work for your internal business purposes, 
+                      provided that you do not (i) rent, lease, copy, transfer,
+                      resell, sublicense, lease, time-share, or otherwise provide 
+                      access to the Licensed Work to a third party (except 
+                      Authorized Users) or (ii) incorporate the Licensed Work 
+                      (or any portion of such) with, or use it with or to provide,
+                      any site, product, or service, other than on sites/applications 
+                      owned and operated by you.
+                      
+                      An “Authorized User” is defined as an individual person 
+                      (e.g. your employee, contractor, agent) who is registered and 
+                      permitted by you to use the Licensed Work subject to these 
+                      restrictions.
+
+Change Date:          2025-10-01
 
 Change License:       Apache License, Version 2.0
 
 For information about alternative licensing arrangements for the Software,
-contact: hello@enterprise-oss.dev
+contact: hello@enterpriseoss.dev
 
 Notice
 
@@ -108,4 +106,4 @@ other recipients of the licensed work to be provided by Licensor:
 
 3. To specify a Change Date.
 
-4. Not to modify this License in any other way.
+4. Not to modify this License in any other way.

data/bin/annotate

@@ -1 +1,3 @@
-annotate --require osso.rb  --models --model-dir ./lib/osso/models/ --position bottom -k -i
+#!/bin/sh
+
+annotate --require osso.rb  --models --model-dir=./lib/osso/models/ --position bottom -k -i

data/db/schema.rb

@@ -10,9 +10,10 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2020_09_13_154919) do
+ActiveRecord::Schema.define(version: 2020_11_12_160120) do
 
   # These are extensions that must be enabled in order to support this database
+  enable_extension "citext"
   enable_extension "pgcrypto"
   enable_extension "plpgsql"
 
@@ -23,10 +24,44 @@ ActiveRecord::Schema.define(version: 2020_09_13_154919) do
     t.datetime "updated_at", precision: 6, null: false
     t.uuid "user_id"
     t.uuid "oauth_client_id"
+    t.jsonb "requested", default: {}
     t.index ["oauth_client_id"], name: "index_access_tokens_on_oauth_client_id"
+    t.index ["token", "expires_at"], name: "index_access_tokens_on_token_and_expires_at", unique: true
     t.index ["user_id"], name: "index_access_tokens_on_user_id"
   end
 
+  create_table "account_password_hashes", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.string "password_hash", null: false
+  end
+
+  create_table "account_password_reset_keys", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.string "key", null: false
+    t.datetime "deadline", null: false
+    t.datetime "email_last_sent", default: -> { "CURRENT_TIMESTAMP" }, null: false
+  end
+
+  create_table "account_remember_keys", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.string "key", null: false
+    t.datetime "deadline", null: false
+  end
+
+  create_table "account_verification_keys", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.string "key", null: false
+    t.datetime "requested_at", default: -> { "CURRENT_TIMESTAMP" }, null: false
+    t.datetime "email_last_sent", default: -> { "CURRENT_TIMESTAMP" }, null: false
+    t.uuid "account_id"
+    t.index ["account_id"], name: "index_account_verification_keys_on_account_id"
+  end
+
+  create_table "accounts", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.citext "email", null: false
+    t.integer "status_id", default: 1, null: false
+    t.string "role", default: "admin", null: false
+    t.uuid "oauth_client_id"
+    t.index ["email"], name: "index_accounts_on_email", unique: true, where: "(status_id = ANY (ARRAY[1, 2]))"
+    t.index ["oauth_client_id"], name: "index_accounts_on_oauth_client_id"
+  end
+
   create_table "app_configs", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
     t.string "contact_email"
     t.string "logo_url"
@@ -43,6 +78,7 @@ ActiveRecord::Schema.define(version: 2020_09_13_154919) do
     t.datetime "updated_at", precision: 6, null: false
     t.uuid "user_id"
     t.uuid "oauth_client_id"
+    t.jsonb "requested", default: {}
     t.index ["oauth_client_id"], name: "index_authorization_codes_on_oauth_client_id"
     t.index ["token"], name: "index_authorization_codes_on_token", unique: true
     t.index ["user_id"], name: "index_authorization_codes_on_user_id"
@@ -53,12 +89,11 @@ ActiveRecord::Schema.define(version: 2020_09_13_154919) do
     t.uuid "external_uuid"
     t.integer "external_int_id"
     t.string "external_id"
-    t.uuid "oauth_client_id"
     t.string "name", null: false
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
+    t.integer "users_count", default: 0
     t.index ["domain"], name: "index_enterprise_accounts_on_domain", unique: true
-    t.index ["oauth_client_id"], name: "index_enterprise_accounts_on_oauth_client_id"
   end
 
 # Could not dump table "identity_providers" because of following StandardError
@@ -94,5 +129,8 @@ ActiveRecord::Schema.define(version: 2020_09_13_154919) do
     t.index ["enterprise_account_id"], name: "index_users_on_enterprise_account_id"
   end
 
+  add_foreign_key "account_password_hashes", "accounts", column: "id"
+  add_foreign_key "account_password_reset_keys", "accounts", column: "id"
+  add_foreign_key "account_remember_keys", "accounts", column: "id"
   add_foreign_key "users", "identity_providers"
 end

data/lib/osso/db/migrate/20200929154117_add_users_count_to_identity_providers_and_enterprise_accounts.rb

@@ -0,0 +1,6 @@
+class AddUsersCountToIdentityProvidersAndEnterpriseAccounts < ActiveRecord::Migration[6.0]
+  def change
+    add_column :enterprise_accounts, :users_count, :integer, default: 0
+    add_column :identity_providers, :users_count, :integer, default: 0
+  end
+end

data/lib/osso/db/migrate/20201023142158_add_rodauth_tables.rb

@@ -0,0 +1,47 @@
+require 'rodauth/migrations'
+
+class AddRodauthTables < ActiveRecord::Migration[6.0]
+  DB = Sequel.postgres(extensions: :activerecord_connection)
+
+  def change
+    enable_extension "citext"
+
+    create_table :accounts, id: :uuid do |t|
+      t.citext :email, null: false, index: { unique: true, where: "status_id IN (1, 2)" }
+      t.integer :status_id, null: false, default: 1
+      t.string :role, null: false, default: 'admin'
+      t.string :oauth_client_id, null: true, index: true
+    end
+
+    create_table :account_password_hashes, id: :uuid do |t|
+      t.foreign_key :accounts, column: :id
+      t.string :password_hash, null: false
+    end
+
+    Rodauth.create_database_authentication_functions(DB, table_name: "account_password_hashes")
+
+    # Used by the password reset feature
+    create_table :account_password_reset_keys, id: :uuid do |t|
+      t.foreign_key :accounts, column: :id
+      t.string :key, null: false
+      t.datetime :deadline, null: false
+      t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
+    end
+
+    # Used by the account verification feature
+    create_table :account_verification_keys, id: :uuid do |t|
+      t.string :key, null: false
+      t.datetime :requested_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+      t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
+    end
+
+    add_reference :account_verification_keys, :account, type: :uuid, index: true
+
+    # Used by the remember me feature
+    create_table :account_remember_keys, id: :uuid do |t|
+      t.foreign_key :accounts, column: :id
+      t.string :key, null: false
+      t.datetime :deadline, null: false
+    end
+  end
+end

data/lib/osso/db/migrate/20201105122026_add_token_index_to_access_tokens.rb

@@ -0,0 +1,5 @@
+class AddTokenIndexToAccessTokens < ActiveRecord::Migration[6.0]
+  def change
+    add_index :access_tokens, [:token, :expires_at], unique: true
+  end
+end

data/lib/osso/db/migrate/20201106154936_add_requested_to_authorization_codes_and_access_tokens.rb

@@ -0,0 +1,6 @@
+class AddRequestedToAuthorizationCodesAndAccessTokens < ActiveRecord::Migration[6.0]
+  def change
+    add_column :access_tokens, :requested, :jsonb, default: {}
+    add_column :authorization_codes, :requested, :jsonb, default: {}
+  end
+end

data/lib/osso/db/migrate/20201109160851_add_sso_issuer_to_identity_providers.rb

@@ -0,0 +1,12 @@
+class AddSsoIssuerToIdentityProviders < ActiveRecord::Migration[6.0]
+  def change
+    add_column :identity_providers, :sso_issuer, :string
+
+    Osso::Models::IdentityProvider.all.each do |idp|
+      idp.sso_issuer = idp.root_url + "/" + idp.domain
+      idp.save
+    end
+
+    change_column_null :identity_providers, :sso_issuer, false
+  end
+end

data/lib/osso/db/migrate/20201110190754_remove_oauth_client_id_from_enterprise_accounts.rb

@@ -0,0 +1,9 @@
+class RemoveOauthClientIdFromEnterpriseAccounts < ActiveRecord::Migration[6.0]
+  def up
+    remove_reference :enterprise_accounts, :oauth_client, index: true
+  end
+
+  def down
+    add_reference :enterprise_accounts, :oauth_client, type: :uuid, index: true
+  end
+end

data/lib/osso/db/migrate/20201112160120_add_ping_to_identity_provider_service_enum.rb

@@ -0,0 +1,28 @@
+class AddPingToIdentityProviderServiceEnum < ActiveRecord::Migration[6.0]
+  disable_ddl_transaction!
+
+  def up
+    execute <<-SQL
+      ALTER TYPE identity_provider_service ADD VALUE 'PING';
+    SQL
+  end
+  
+  def down
+    execute <<~SQL
+      CREATE TYPE identity_provider_service_new AS ENUM ('AZURE', 'OKTA', 'ONELOGIN', 'GOOGLE');
+
+      -- Remove values that won't be compatible with new definition
+      DELETE FROM identity_providers WHERE service = 'PING';
+      
+      -- Convert to new type, casting via text representation
+      ALTER TABLE identity_providers 
+        ALTER COLUMN service TYPE identity_provider_service_new 
+          USING (service::text::identity_provider_service_new);
+      
+      -- and swap the types
+      DROP TYPE identity_provider_service;
+      
+      ALTER TYPE identity_provider_service_new RENAME TO identity_provider_service;
+    SQL
+  end
+end