osso 0.0.5.pre.iota → 0.0.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.buildkite/pipeline.yml +4 -2
- data/.rubocop.yml +4 -1
- data/Gemfile.lock +41 -23
- data/LICENSE +21 -23
- data/bin/annotate +3 -1
- data/db/schema.rb +41 -3
- data/lib/osso/db/migrate/20200929154117_add_users_count_to_identity_providers_and_enterprise_accounts.rb +6 -0
- data/lib/osso/db/migrate/20201023142158_add_rodauth_tables.rb +47 -0
- data/lib/osso/db/migrate/20201105122026_add_token_index_to_access_tokens.rb +5 -0
- data/lib/osso/db/migrate/20201106154936_add_requested_to_authorization_codes_and_access_tokens.rb +6 -0
- data/lib/osso/db/migrate/20201109160851_add_sso_issuer_to_identity_providers.rb +12 -0
- data/lib/osso/db/migrate/20201110190754_remove_oauth_client_id_from_enterprise_accounts.rb +9 -0
- data/lib/osso/db/migrate/20201112160120_add_ping_to_identity_provider_service_enum.rb +28 -0
- data/lib/osso/error/account_configuration_error.rb +1 -0
- data/lib/osso/error/oauth_error.rb +6 -3
- data/lib/osso/graphql/mutation.rb +1 -0
- data/lib/osso/graphql/mutations.rb +1 -0
- data/lib/osso/graphql/mutations/create_enterprise_account.rb +0 -7
- data/lib/osso/graphql/mutations/create_identity_provider.rb +7 -6
- data/lib/osso/graphql/mutations/invite_admin_user.rb +43 -0
- data/lib/osso/graphql/query.rb +8 -0
- data/lib/osso/graphql/resolvers/enterprise_accounts.rb +3 -3
- data/lib/osso/graphql/types.rb +2 -2
- data/lib/osso/graphql/types/admin_user.rb +9 -0
- data/lib/osso/graphql/types/base_object.rb +1 -1
- data/lib/osso/graphql/types/enterprise_account.rb +1 -0
- data/lib/osso/graphql/types/identity_provider.rb +2 -0
- data/lib/osso/graphql/types/identity_provider_service.rb +2 -1
- data/lib/osso/lib/route_map.rb +0 -16
- data/lib/osso/lib/saml_handler.rb +5 -0
- data/lib/osso/models/access_token.rb +4 -2
- data/lib/osso/models/account.rb +34 -0
- data/lib/osso/models/authorization_code.rb +2 -1
- data/lib/osso/models/enterprise_account.rb +3 -1
- data/lib/osso/models/identity_provider.rb +18 -4
- data/lib/osso/models/models.rb +1 -0
- data/lib/osso/models/oauth_client.rb +0 -1
- data/lib/osso/models/user.rb +2 -2
- data/lib/osso/routes/admin.rb +39 -33
- data/lib/osso/routes/auth.rb +9 -9
- data/lib/osso/routes/oauth.rb +35 -17
- data/lib/osso/version.rb +1 -1
- data/lib/osso/views/admin.erb +5 -0
- data/lib/osso/views/error.erb +1 -0
- data/lib/osso/views/layout.erb +0 -0
- data/lib/osso/views/multiple_providers.erb +1 -0
- data/lib/osso/views/welcome.erb +0 -0
- data/lib/tasks/bootstrap.rake +18 -4
- data/osso-rb.gemspec +5 -0
- data/spec/factories/account.rb +24 -0
- data/spec/factories/enterprise_account.rb +11 -3
- data/spec/factories/identity_providers.rb +10 -2
- data/spec/factories/user.rb +4 -0
- data/spec/graphql/mutations/configure_identity_provider_spec.rb +1 -1
- data/spec/graphql/mutations/create_enterprise_account_spec.rb +0 -14
- data/spec/graphql/mutations/create_identity_provider_spec.rb +59 -8
- data/spec/graphql/query/identity_provider_spec.rb +2 -2
- data/spec/models/enterprise_account_spec.rb +18 -0
- data/spec/models/identity_provider_spec.rb +24 -3
- data/spec/routes/admin_spec.rb +7 -41
- data/spec/routes/auth_spec.rb +17 -18
- data/spec/routes/oauth_spec.rb +88 -5
- data/spec/spec_helper.rb +3 -3
- data/spec/support/views/layout.erb +1 -0
- data/spec/support/views/multiple_providers.erb +1 -0
- metadata +91 -5
- data/spec/helpers/auth_spec.rb +0 -269
data/spec/spec_helper.rb
CHANGED
|
@@ -15,9 +15,9 @@ require 'webmock/rspec'
|
|
|
15
15
|
ENV['RACK_ENV'] = 'test'
|
|
16
16
|
ENV['SESSION_SECRET'] = 'supersecret'
|
|
17
17
|
ENV['BASE_URL'] = 'https://example.com'
|
|
18
|
+
ENV['RODAUTH_VIEWS'] = "#{File.dirname(__FILE__)}/support/views"
|
|
18
19
|
|
|
19
20
|
require File.expand_path '../lib/osso.rb', __dir__
|
|
20
|
-
|
|
21
21
|
require File.expand_path 'support/spec_app', __dir__
|
|
22
22
|
|
|
23
23
|
module RSpecMixin
|
|
@@ -47,11 +47,11 @@ module RSpecMixin
|
|
|
47
47
|
end
|
|
48
48
|
|
|
49
49
|
def spec_views
|
|
50
|
-
File.dirname(__FILE__)
|
|
50
|
+
"#{File.dirname(__FILE__)}/support/views"
|
|
51
51
|
end
|
|
52
52
|
|
|
53
53
|
def valid_x509_pem
|
|
54
|
-
raw = File.read(File.dirname(__FILE__)
|
|
54
|
+
raw = File.read("#{File.dirname(__FILE__)}/support/fixtures/test.pem")
|
|
55
55
|
OpenSSL::X509::Certificate.new(raw).to_pem
|
|
56
56
|
end
|
|
57
57
|
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
<%= yield %>
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
MULITPLE PROVIDERS
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: osso
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.5
|
|
4
|
+
version: 0.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sam Bauch
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-11-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -24,6 +24,20 @@ dependencies:
|
|
|
24
24
|
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: 6.0.3.2
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: bcrypt
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - "~>"
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: 3.1.13
|
|
34
|
+
type: :runtime
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - "~>"
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: 3.1.13
|
|
27
41
|
- !ruby/object:Gem::Dependency
|
|
28
42
|
name: graphql
|
|
29
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -52,6 +66,20 @@ dependencies:
|
|
|
52
66
|
- - ">="
|
|
53
67
|
- !ruby/object:Gem::Version
|
|
54
68
|
version: '0'
|
|
69
|
+
- !ruby/object:Gem::Dependency
|
|
70
|
+
name: mail
|
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
|
72
|
+
requirements:
|
|
73
|
+
- - "~>"
|
|
74
|
+
- !ruby/object:Gem::Version
|
|
75
|
+
version: 2.7.1
|
|
76
|
+
type: :runtime
|
|
77
|
+
prerelease: false
|
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
79
|
+
requirements:
|
|
80
|
+
- - "~>"
|
|
81
|
+
- !ruby/object:Gem::Version
|
|
82
|
+
version: 2.7.1
|
|
55
83
|
- !ruby/object:Gem::Dependency
|
|
56
84
|
name: omniauth-multi-provider
|
|
57
85
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -136,6 +164,48 @@ dependencies:
|
|
|
136
164
|
- - ">="
|
|
137
165
|
- !ruby/object:Gem::Version
|
|
138
166
|
version: '0'
|
|
167
|
+
- !ruby/object:Gem::Dependency
|
|
168
|
+
name: rodauth
|
|
169
|
+
requirement: !ruby/object:Gem::Requirement
|
|
170
|
+
requirements:
|
|
171
|
+
- - "~>"
|
|
172
|
+
- !ruby/object:Gem::Version
|
|
173
|
+
version: 2.5.0
|
|
174
|
+
type: :runtime
|
|
175
|
+
prerelease: false
|
|
176
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
177
|
+
requirements:
|
|
178
|
+
- - "~>"
|
|
179
|
+
- !ruby/object:Gem::Version
|
|
180
|
+
version: 2.5.0
|
|
181
|
+
- !ruby/object:Gem::Dependency
|
|
182
|
+
name: sequel
|
|
183
|
+
requirement: !ruby/object:Gem::Requirement
|
|
184
|
+
requirements:
|
|
185
|
+
- - "~>"
|
|
186
|
+
- !ruby/object:Gem::Version
|
|
187
|
+
version: 5.37.0
|
|
188
|
+
type: :runtime
|
|
189
|
+
prerelease: false
|
|
190
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
191
|
+
requirements:
|
|
192
|
+
- - "~>"
|
|
193
|
+
- !ruby/object:Gem::Version
|
|
194
|
+
version: 5.37.0
|
|
195
|
+
- !ruby/object:Gem::Dependency
|
|
196
|
+
name: sequel-activerecord_connection
|
|
197
|
+
requirement: !ruby/object:Gem::Requirement
|
|
198
|
+
requirements:
|
|
199
|
+
- - "~>"
|
|
200
|
+
- !ruby/object:Gem::Version
|
|
201
|
+
version: '0.3'
|
|
202
|
+
type: :runtime
|
|
203
|
+
prerelease: false
|
|
204
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
205
|
+
requirements:
|
|
206
|
+
- - "~>"
|
|
207
|
+
- !ruby/object:Gem::Version
|
|
208
|
+
version: '0.3'
|
|
139
209
|
- !ruby/object:Gem::Dependency
|
|
140
210
|
name: sinatra
|
|
141
211
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -273,6 +343,13 @@ files:
|
|
|
273
343
|
- lib/osso/db/migrate/20200826201852_create_app_config.rb
|
|
274
344
|
- lib/osso/db/migrate/20200913154919_add_one_login_to_identity_provider_service_enum.rb
|
|
275
345
|
- lib/osso/db/migrate/20200916125543_add_google_to_identity_provider_service_enum.rb
|
|
346
|
+
- lib/osso/db/migrate/20200929154117_add_users_count_to_identity_providers_and_enterprise_accounts.rb
|
|
347
|
+
- lib/osso/db/migrate/20201023142158_add_rodauth_tables.rb
|
|
348
|
+
- lib/osso/db/migrate/20201105122026_add_token_index_to_access_tokens.rb
|
|
349
|
+
- lib/osso/db/migrate/20201106154936_add_requested_to_authorization_codes_and_access_tokens.rb
|
|
350
|
+
- lib/osso/db/migrate/20201109160851_add_sso_issuer_to_identity_providers.rb
|
|
351
|
+
- lib/osso/db/migrate/20201110190754_remove_oauth_client_id_from_enterprise_accounts.rb
|
|
352
|
+
- lib/osso/db/migrate/20201112160120_add_ping_to_identity_provider_service_enum.rb
|
|
276
353
|
- lib/osso/error/account_configuration_error.rb
|
|
277
354
|
- lib/osso/error/error.rb
|
|
278
355
|
- lib/osso/error/missing_saml_attribute_error.rb
|
|
@@ -289,6 +366,7 @@ files:
|
|
|
289
366
|
- lib/osso/graphql/mutations/delete_enterprise_account.rb
|
|
290
367
|
- lib/osso/graphql/mutations/delete_identity_provider.rb
|
|
291
368
|
- lib/osso/graphql/mutations/delete_oauth_client.rb
|
|
369
|
+
- lib/osso/graphql/mutations/invite_admin_user.rb
|
|
292
370
|
- lib/osso/graphql/mutations/regenerate_oauth_credentials.rb
|
|
293
371
|
- lib/osso/graphql/mutations/set_redirect_uris.rb
|
|
294
372
|
- lib/osso/graphql/mutations/update_app_config.rb
|
|
@@ -321,6 +399,7 @@ files:
|
|
|
321
399
|
- lib/osso/lib/route_map.rb
|
|
322
400
|
- lib/osso/lib/saml_handler.rb
|
|
323
401
|
- lib/osso/models/access_token.rb
|
|
402
|
+
- lib/osso/models/account.rb
|
|
324
403
|
- lib/osso/models/app_config.rb
|
|
325
404
|
- lib/osso/models/authorization_code.rb
|
|
326
405
|
- lib/osso/models/enterprise_account.rb
|
|
@@ -335,8 +414,14 @@ files:
|
|
|
335
414
|
- lib/osso/routes/oauth.rb
|
|
336
415
|
- lib/osso/routes/routes.rb
|
|
337
416
|
- lib/osso/version.rb
|
|
417
|
+
- lib/osso/views/admin.erb
|
|
418
|
+
- lib/osso/views/error.erb
|
|
419
|
+
- lib/osso/views/layout.erb
|
|
420
|
+
- lib/osso/views/multiple_providers.erb
|
|
421
|
+
- lib/osso/views/welcome.erb
|
|
338
422
|
- lib/tasks/bootstrap.rake
|
|
339
423
|
- osso-rb.gemspec
|
|
424
|
+
- spec/factories/account.rb
|
|
340
425
|
- spec/factories/authorization_code.rb
|
|
341
426
|
- spec/factories/enterprise_account.rb
|
|
342
427
|
- spec/factories/identity_providers.rb
|
|
@@ -353,8 +438,8 @@ files:
|
|
|
353
438
|
- spec/graphql/query/enterprise_accounts_spec.rb
|
|
354
439
|
- spec/graphql/query/identity_provider_spec.rb
|
|
355
440
|
- spec/graphql/query/oauth_clients_spec.rb
|
|
356
|
-
- spec/helpers/auth_spec.rb
|
|
357
441
|
- spec/lib/saml_handler_spec.rb
|
|
442
|
+
- spec/models/enterprise_account_spec.rb
|
|
358
443
|
- spec/models/identity_provider_spec.rb
|
|
359
444
|
- spec/routes/admin_spec.rb
|
|
360
445
|
- spec/routes/app_spec.rb
|
|
@@ -365,6 +450,7 @@ files:
|
|
|
365
450
|
- spec/support/spec_app.rb
|
|
366
451
|
- spec/support/views/admin.erb
|
|
367
452
|
- spec/support/views/error.erb
|
|
453
|
+
- spec/support/views/layout.erb
|
|
368
454
|
- spec/support/views/multiple_providers.erb
|
|
369
455
|
homepage: https://github.com/enterprise-oss/osso-rb
|
|
370
456
|
licenses:
|
|
@@ -381,9 +467,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
381
467
|
version: 2.3.0
|
|
382
468
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
383
469
|
requirements:
|
|
384
|
-
- - "
|
|
470
|
+
- - ">="
|
|
385
471
|
- !ruby/object:Gem::Version
|
|
386
|
-
version:
|
|
472
|
+
version: '0'
|
|
387
473
|
requirements: []
|
|
388
474
|
rubygems_version: 3.0.3
|
|
389
475
|
signing_key:
|
data/spec/helpers/auth_spec.rb
DELETED
|
@@ -1,269 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require 'spec_helper'
|
|
4
|
-
|
|
5
|
-
describe Osso::Helpers::Auth do
|
|
6
|
-
before do
|
|
7
|
-
ENV['JWT_HMAC_SECRET'] = 'super-secret'
|
|
8
|
-
end
|
|
9
|
-
|
|
10
|
-
subject(:app) do
|
|
11
|
-
Class.new {
|
|
12
|
-
include Osso::Helpers::Auth
|
|
13
|
-
}
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
describe 'with the token as a header' do
|
|
17
|
-
before do
|
|
18
|
-
allow_any_instance_of(subject).to receive(:request) do
|
|
19
|
-
double('Request', env: { 'HTTP_AUTHORIZATION' => token }, post?: false)
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
allow_any_instance_of(subject).to receive(:session) do
|
|
23
|
-
{
|
|
24
|
-
admin_token: nil
|
|
25
|
-
}
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
allow_any_instance_of(subject).to receive(:redirect) do
|
|
29
|
-
false
|
|
30
|
-
end
|
|
31
|
-
end
|
|
32
|
-
|
|
33
|
-
describe 'with an admin token' do
|
|
34
|
-
let(:token) { encode({ scope: 'admin' }) }
|
|
35
|
-
|
|
36
|
-
it 'allows #token_protected! methods' do
|
|
37
|
-
expect(subject.new.token_protected!).to_not be(false)
|
|
38
|
-
end
|
|
39
|
-
|
|
40
|
-
it 'allows #enterprise_protected! methods' do
|
|
41
|
-
expect(subject.new.enterprise_protected!).to_not be(false)
|
|
42
|
-
end
|
|
43
|
-
|
|
44
|
-
it 'allows #internal_protected! methods' do
|
|
45
|
-
expect(subject.new.internal_protected!).to_not be(false)
|
|
46
|
-
end
|
|
47
|
-
|
|
48
|
-
it 'allows #admin_protected! methods' do
|
|
49
|
-
expect(subject.new.admin_protected!).to_not be(false)
|
|
50
|
-
end
|
|
51
|
-
end
|
|
52
|
-
|
|
53
|
-
describe 'with an internal token' do
|
|
54
|
-
let(:token) { encode({ scope: 'internal' }) }
|
|
55
|
-
|
|
56
|
-
it 'allows #token_protected! methods' do
|
|
57
|
-
expect(subject.new.token_protected!).to_not be(false)
|
|
58
|
-
end
|
|
59
|
-
|
|
60
|
-
it 'allows #enterprise_protected! methods' do
|
|
61
|
-
expect(subject.new.enterprise_protected!).to_not be(false)
|
|
62
|
-
end
|
|
63
|
-
|
|
64
|
-
it 'allows #internal_protected! methods' do
|
|
65
|
-
expect(subject.new.internal_protected!).to_not be(false)
|
|
66
|
-
end
|
|
67
|
-
|
|
68
|
-
it 'allows #admin_protected! methods' do
|
|
69
|
-
expect(subject.new.admin_protected!).to be(false)
|
|
70
|
-
end
|
|
71
|
-
end
|
|
72
|
-
|
|
73
|
-
describe 'with an end-user token' do
|
|
74
|
-
let(:token) { encode({ scope: 'end-user', email: 'user@example.com' }) }
|
|
75
|
-
|
|
76
|
-
it 'allows #token_protected! methods' do
|
|
77
|
-
expect(subject.new.token_protected!).to_not be(false)
|
|
78
|
-
end
|
|
79
|
-
|
|
80
|
-
it 'allows #enterprise_protected! methods for the scoped domain' do
|
|
81
|
-
expect(subject.new.enterprise_protected!('example.com')).to_not be(false)
|
|
82
|
-
end
|
|
83
|
-
|
|
84
|
-
it 'halts #enterprise_protected! methods for the wrong scoped domain' do
|
|
85
|
-
expect(subject.new.enterprise_protected!('foo.com')).to be(false)
|
|
86
|
-
end
|
|
87
|
-
|
|
88
|
-
it 'halts #internal_protected! methods' do
|
|
89
|
-
expect(subject.new.internal_protected!).to be(false)
|
|
90
|
-
end
|
|
91
|
-
|
|
92
|
-
it 'halts #admin_protected! methods' do
|
|
93
|
-
expect(subject.new.admin_protected!).to be(false)
|
|
94
|
-
end
|
|
95
|
-
end
|
|
96
|
-
end
|
|
97
|
-
|
|
98
|
-
describe 'with the token as a parameter' do
|
|
99
|
-
before do
|
|
100
|
-
allow_any_instance_of(subject).to receive(:request) do
|
|
101
|
-
double('Request', env: {}, params: { 'admin_token' => token }, post?: false)
|
|
102
|
-
end
|
|
103
|
-
|
|
104
|
-
allow_any_instance_of(subject).to receive(:session) do
|
|
105
|
-
{
|
|
106
|
-
admin_token: nil
|
|
107
|
-
}
|
|
108
|
-
end
|
|
109
|
-
|
|
110
|
-
allow_any_instance_of(subject).to receive(:redirect) do
|
|
111
|
-
false
|
|
112
|
-
end
|
|
113
|
-
end
|
|
114
|
-
|
|
115
|
-
describe 'with an admin token' do
|
|
116
|
-
let(:token) { encode({ scope: 'admin' }) }
|
|
117
|
-
|
|
118
|
-
it 'allows #token_protected! methods' do
|
|
119
|
-
expect(subject.new.token_protected!).to_not be(false)
|
|
120
|
-
end
|
|
121
|
-
|
|
122
|
-
it 'allows #enterprise_protected! methods' do
|
|
123
|
-
expect(subject.new.enterprise_protected!).to_not be(false)
|
|
124
|
-
end
|
|
125
|
-
|
|
126
|
-
it 'allows #internal_protected! methods' do
|
|
127
|
-
expect(subject.new.internal_protected!).to_not be(false)
|
|
128
|
-
end
|
|
129
|
-
|
|
130
|
-
it 'allows #admin_protected! methods' do
|
|
131
|
-
expect(subject.new.admin_protected!).to_not be(false)
|
|
132
|
-
end
|
|
133
|
-
end
|
|
134
|
-
|
|
135
|
-
describe 'with an internal token' do
|
|
136
|
-
let(:token) { encode({ scope: 'internal' }) }
|
|
137
|
-
|
|
138
|
-
it 'allows #token_protected! methods' do
|
|
139
|
-
expect(subject.new.token_protected!).to_not be(false)
|
|
140
|
-
end
|
|
141
|
-
|
|
142
|
-
it 'allows #enterprise_protected! methods' do
|
|
143
|
-
expect(subject.new.enterprise_protected!).to_not be(false)
|
|
144
|
-
end
|
|
145
|
-
|
|
146
|
-
it 'allows #internal_protected! methods' do
|
|
147
|
-
expect(subject.new.internal_protected!).to_not be(false)
|
|
148
|
-
end
|
|
149
|
-
|
|
150
|
-
it 'allows #admin_protected! methods' do
|
|
151
|
-
expect(subject.new.admin_protected!).to be(false)
|
|
152
|
-
end
|
|
153
|
-
end
|
|
154
|
-
|
|
155
|
-
describe 'with an end-user token' do
|
|
156
|
-
let(:token) { encode({ scope: 'end-user', email: 'user@example.com' }) }
|
|
157
|
-
|
|
158
|
-
it 'allows #token_protected! methods' do
|
|
159
|
-
expect(subject.new.token_protected!).to_not be(false)
|
|
160
|
-
end
|
|
161
|
-
|
|
162
|
-
it 'allows #enterprise_protected! methods for the scoped domain' do
|
|
163
|
-
expect(subject.new.enterprise_protected!('example.com')).to_not be(false)
|
|
164
|
-
end
|
|
165
|
-
|
|
166
|
-
it 'halts #enterprise_protected! methods for the wrong scoped domain' do
|
|
167
|
-
expect(subject.new.enterprise_protected!('foo.com')).to be(false)
|
|
168
|
-
end
|
|
169
|
-
|
|
170
|
-
it 'halts #internal_protected! methods' do
|
|
171
|
-
expect(subject.new.internal_protected!).to be(false)
|
|
172
|
-
end
|
|
173
|
-
|
|
174
|
-
it 'halts #admin_protected! methods' do
|
|
175
|
-
expect(subject.new.admin_protected!).to be(false)
|
|
176
|
-
end
|
|
177
|
-
end
|
|
178
|
-
end
|
|
179
|
-
|
|
180
|
-
describe 'with the token in session' do
|
|
181
|
-
before do
|
|
182
|
-
allow_any_instance_of(subject).to receive(:request) do
|
|
183
|
-
double('Request', env: {}, params: {}, post?: false)
|
|
184
|
-
end
|
|
185
|
-
|
|
186
|
-
allow_any_instance_of(subject).to receive(:redirect) do
|
|
187
|
-
false
|
|
188
|
-
end
|
|
189
|
-
|
|
190
|
-
allow_any_instance_of(subject).to receive(:session).and_return(
|
|
191
|
-
{admin_token: token}.with_indifferent_access
|
|
192
|
-
)
|
|
193
|
-
|
|
194
|
-
end
|
|
195
|
-
|
|
196
|
-
describe 'with an admin token' do
|
|
197
|
-
let(:token) { encode({ scope: 'admin' }) }
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
it 'allows #token_protected! methods' do
|
|
201
|
-
expect(subject.new.token_protected!).to_not be(false)
|
|
202
|
-
end
|
|
203
|
-
|
|
204
|
-
it 'allows #enterprise_protected! methods' do
|
|
205
|
-
expect(subject.new.enterprise_protected!).to_not be(false)
|
|
206
|
-
end
|
|
207
|
-
|
|
208
|
-
it 'allows #internal_protected! methods' do
|
|
209
|
-
expect(subject.new.internal_protected!).to_not be(false)
|
|
210
|
-
end
|
|
211
|
-
|
|
212
|
-
it 'allows #admin_protected! methods' do
|
|
213
|
-
expect(subject.new.admin_protected!).to_not be(false)
|
|
214
|
-
end
|
|
215
|
-
end
|
|
216
|
-
|
|
217
|
-
describe 'with an internal token' do
|
|
218
|
-
let(:token) { encode({ scope: 'internal' }) }
|
|
219
|
-
|
|
220
|
-
it 'allows #token_protected! methods' do
|
|
221
|
-
expect(subject.new.token_protected!).to_not be(false)
|
|
222
|
-
end
|
|
223
|
-
|
|
224
|
-
it 'allows #enterprise_protected! methods' do
|
|
225
|
-
expect(subject.new.enterprise_protected!).to_not be(false)
|
|
226
|
-
end
|
|
227
|
-
|
|
228
|
-
it 'allows #internal_protected! methods' do
|
|
229
|
-
expect(subject.new.internal_protected!).to_not be(false)
|
|
230
|
-
end
|
|
231
|
-
|
|
232
|
-
it 'allows #admin_protected! methods' do
|
|
233
|
-
expect(subject.new.admin_protected!).to be(false)
|
|
234
|
-
end
|
|
235
|
-
end
|
|
236
|
-
|
|
237
|
-
describe 'with an end-user token' do
|
|
238
|
-
let(:token) { encode({ scope: 'end-user', email: 'user@example.com' }) }
|
|
239
|
-
|
|
240
|
-
it 'allows #token_protected! methods' do
|
|
241
|
-
expect(subject.new.token_protected!).to_not be(false)
|
|
242
|
-
end
|
|
243
|
-
|
|
244
|
-
it 'allows #enterprise_protected! methods for the scoped domain' do
|
|
245
|
-
expect(subject.new.enterprise_protected!('example.com')).to_not be(false)
|
|
246
|
-
end
|
|
247
|
-
|
|
248
|
-
it 'halts #enterprise_protected! methods for the wrong scoped domain' do
|
|
249
|
-
expect(subject.new.enterprise_protected!('foo.com')).to be(false)
|
|
250
|
-
end
|
|
251
|
-
|
|
252
|
-
it 'halts #internal_protected! methods' do
|
|
253
|
-
expect(subject.new.internal_protected!).to be(false)
|
|
254
|
-
end
|
|
255
|
-
|
|
256
|
-
it 'halts #admin_protected! methods' do
|
|
257
|
-
expect(subject.new.admin_protected!).to be(false)
|
|
258
|
-
end
|
|
259
|
-
end
|
|
260
|
-
end
|
|
261
|
-
|
|
262
|
-
def encode(payload)
|
|
263
|
-
JWT.encode(
|
|
264
|
-
payload,
|
|
265
|
-
ENV['JWT_HMAC_SECRET'],
|
|
266
|
-
'HS256',
|
|
267
|
-
)
|
|
268
|
-
end
|
|
269
|
-
end
|