osso 0.0.5.pre.theta → 0.0.5.pre.zeta
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +24 -22
- data/lib/osso/graphql/types/identity_provider.rb +0 -1
- data/lib/osso/helpers/auth.rb +1 -1
- data/lib/osso/lib/route_map.rb +0 -1
- data/lib/osso/models/identity_provider.rb +0 -4
- data/lib/osso/version.rb +1 -1
- data/spec/graphql/query/identity_provider_spec.rb +0 -1
- data/spec/helpers/auth_spec.rb +2 -174
- data/spec/models/identity_provider_spec.rb +0 -13
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: eb48ae64d0aa5fb579751215755503e9140506ba9b75b87436fa824d7a2a18f6
|
|
4
|
+
data.tar.gz: e9a47f808971ce6e6e36d0f189643fb970e82656507a3de474968e3368e16c29
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 49c911667a8eacb8b90958988dd7a8c6625b8d219e6ed24612ac9a6aa5bfe6ee975f8bf0813588379a769d0314d69ee358d3d572a1f6b80ba823dd79b6505047
|
|
7
|
+
data.tar.gz: 03bb1c60447df03e088a40e6fbdcabeb14625ec3cd5c8944929cf0626b1e2000a057eb4daa7db77a1a0c4e79fb02c2f3efed61d4be64255a03e3d22b19dfebbe
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
osso (0.0.5.pre.
|
|
4
|
+
osso (0.0.5.pre.zeta)
|
|
5
5
|
activesupport (>= 6.0.3.2)
|
|
6
6
|
graphql
|
|
7
7
|
jwt
|
|
@@ -18,12 +18,12 @@ PATH
|
|
|
18
18
|
GEM
|
|
19
19
|
remote: https://rubygems.org/
|
|
20
20
|
specs:
|
|
21
|
-
activemodel (6.0.3.
|
|
22
|
-
activesupport (= 6.0.3.
|
|
23
|
-
activerecord (6.0.3.
|
|
24
|
-
activemodel (= 6.0.3.
|
|
25
|
-
activesupport (= 6.0.3.
|
|
26
|
-
activesupport (6.0.3.
|
|
21
|
+
activemodel (6.0.3.2)
|
|
22
|
+
activesupport (= 6.0.3.2)
|
|
23
|
+
activerecord (6.0.3.2)
|
|
24
|
+
activemodel (= 6.0.3.2)
|
|
25
|
+
activesupport (= 6.0.3.2)
|
|
26
|
+
activesupport (6.0.3.2)
|
|
27
27
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
|
28
28
|
i18n (>= 0.7, < 2)
|
|
29
29
|
minitest (~> 5.1)
|
|
@@ -39,23 +39,24 @@ GEM
|
|
|
39
39
|
attr_required (1.0.1)
|
|
40
40
|
bindata (2.4.8)
|
|
41
41
|
coderay (1.1.3)
|
|
42
|
-
concurrent-ruby (1.1.
|
|
43
|
-
crack (0.4.
|
|
42
|
+
concurrent-ruby (1.1.6)
|
|
43
|
+
crack (0.4.3)
|
|
44
|
+
safe_yaml (~> 1.0.0)
|
|
44
45
|
database_cleaner (1.8.5)
|
|
45
46
|
database_cleaner-active_record (1.8.0)
|
|
46
47
|
activerecord
|
|
47
48
|
database_cleaner (~> 1.8.0)
|
|
48
49
|
diff-lcs (1.4.4)
|
|
49
50
|
docile (1.3.2)
|
|
50
|
-
factory_bot (6.
|
|
51
|
+
factory_bot (6.0.2)
|
|
51
52
|
activesupport (>= 5.0.0)
|
|
52
|
-
faker (2.
|
|
53
|
+
faker (2.13.0)
|
|
53
54
|
i18n (>= 1.6, < 2)
|
|
54
55
|
graphql (1.11.4)
|
|
55
56
|
hashdiff (1.0.1)
|
|
56
57
|
hashie (4.1.0)
|
|
57
58
|
httpclient (2.8.3)
|
|
58
|
-
i18n (1.8.
|
|
59
|
+
i18n (1.8.3)
|
|
59
60
|
concurrent-ruby (~> 1.0)
|
|
60
61
|
json (2.3.1)
|
|
61
62
|
json-jwt (1.13.0)
|
|
@@ -65,7 +66,7 @@ GEM
|
|
|
65
66
|
jwt (2.2.2)
|
|
66
67
|
method_source (1.0.0)
|
|
67
68
|
mini_portile2 (2.4.0)
|
|
68
|
-
minitest (5.14.
|
|
69
|
+
minitest (5.14.1)
|
|
69
70
|
multi_json (1.15.0)
|
|
70
71
|
mustermann (1.1.1)
|
|
71
72
|
ruby2_keywords (~> 0.0.1)
|
|
@@ -86,7 +87,7 @@ GEM
|
|
|
86
87
|
pry (0.13.1)
|
|
87
88
|
coderay (~> 1.1)
|
|
88
89
|
method_source (~> 1.0)
|
|
89
|
-
public_suffix (4.0.
|
|
90
|
+
public_suffix (4.0.5)
|
|
90
91
|
rack (2.2.3)
|
|
91
92
|
rack-contrib (2.2.0)
|
|
92
93
|
rack (~> 2.0)
|
|
@@ -102,7 +103,7 @@ GEM
|
|
|
102
103
|
rack (>= 1.0, < 3)
|
|
103
104
|
rainbow (3.0.0)
|
|
104
105
|
rake (13.0.1)
|
|
105
|
-
regexp_parser (1.
|
|
106
|
+
regexp_parser (1.7.1)
|
|
106
107
|
rexml (3.2.4)
|
|
107
108
|
rspec (3.9.0)
|
|
108
109
|
rspec-core (~> 3.9.0)
|
|
@@ -117,21 +118,22 @@ GEM
|
|
|
117
118
|
diff-lcs (>= 1.2.0, < 2.0)
|
|
118
119
|
rspec-support (~> 3.9.0)
|
|
119
120
|
rspec-support (3.9.3)
|
|
120
|
-
rubocop (0.
|
|
121
|
+
rubocop (0.86.0)
|
|
121
122
|
parallel (~> 1.10)
|
|
122
|
-
parser (>= 2.7.
|
|
123
|
+
parser (>= 2.7.0.1)
|
|
123
124
|
rainbow (>= 2.2.2, < 4.0)
|
|
124
125
|
regexp_parser (>= 1.7)
|
|
125
126
|
rexml
|
|
126
|
-
rubocop-ast (>= 0.
|
|
127
|
+
rubocop-ast (>= 0.0.3, < 1.0)
|
|
127
128
|
ruby-progressbar (~> 1.7)
|
|
128
129
|
unicode-display_width (>= 1.4.0, < 2.0)
|
|
129
|
-
rubocop-ast (0.
|
|
130
|
-
parser (>= 2.7.1
|
|
130
|
+
rubocop-ast (0.1.0)
|
|
131
|
+
parser (>= 2.7.0.1)
|
|
131
132
|
ruby-progressbar (1.10.1)
|
|
132
133
|
ruby-saml (1.11.0)
|
|
133
134
|
nokogiri (>= 1.5.10)
|
|
134
135
|
ruby2_keywords (0.0.2)
|
|
136
|
+
safe_yaml (1.0.5)
|
|
135
137
|
simplecov (0.17.0)
|
|
136
138
|
docile (~> 1.1)
|
|
137
139
|
json (>= 1.8, < 3)
|
|
@@ -156,11 +158,11 @@ GEM
|
|
|
156
158
|
tzinfo (1.2.7)
|
|
157
159
|
thread_safe (~> 0.1)
|
|
158
160
|
unicode-display_width (1.7.0)
|
|
159
|
-
webmock (3.
|
|
161
|
+
webmock (3.8.3)
|
|
160
162
|
addressable (>= 2.3.6)
|
|
161
163
|
crack (>= 0.3.2)
|
|
162
164
|
hashdiff (>= 0.4.0, < 2.0.0)
|
|
163
|
-
zeitwerk (2.
|
|
165
|
+
zeitwerk (2.3.1)
|
|
164
166
|
|
|
165
167
|
PLATFORMS
|
|
166
168
|
ruby
|
data/lib/osso/helpers/auth.rb
CHANGED
data/lib/osso/lib/route_map.rb
CHANGED
data/lib/osso/version.rb
CHANGED
data/spec/helpers/auth_spec.rb
CHANGED
|
@@ -8,21 +8,13 @@ describe Osso::Helpers::Auth do
|
|
|
8
8
|
end
|
|
9
9
|
|
|
10
10
|
subject(:app) do
|
|
11
|
-
Class.new {
|
|
12
|
-
include Osso::Helpers::Auth
|
|
13
|
-
}
|
|
11
|
+
Class.new { include Osso::Helpers::Auth }
|
|
14
12
|
end
|
|
15
13
|
|
|
16
14
|
describe 'with the token as a header' do
|
|
17
15
|
before do
|
|
18
16
|
allow_any_instance_of(subject).to receive(:request) do
|
|
19
|
-
double('Request', env: { '
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
allow_any_instance_of(subject).to receive(:session) do
|
|
23
|
-
{
|
|
24
|
-
admin_token: nil
|
|
25
|
-
}
|
|
17
|
+
double('Request', env: { 'admin_token' => token }, post?: false)
|
|
26
18
|
end
|
|
27
19
|
|
|
28
20
|
allow_any_instance_of(subject).to receive(:redirect) do
|
|
@@ -95,170 +87,6 @@ describe Osso::Helpers::Auth do
|
|
|
95
87
|
end
|
|
96
88
|
end
|
|
97
89
|
|
|
98
|
-
describe 'with the token as a parameter' do
|
|
99
|
-
before do
|
|
100
|
-
allow_any_instance_of(subject).to receive(:request) do
|
|
101
|
-
double('Request', env: {}, params: { 'admin_token' => token }, post?: false)
|
|
102
|
-
end
|
|
103
|
-
|
|
104
|
-
allow_any_instance_of(subject).to receive(:session) do
|
|
105
|
-
{
|
|
106
|
-
admin_token: nil
|
|
107
|
-
}
|
|
108
|
-
end
|
|
109
|
-
|
|
110
|
-
allow_any_instance_of(subject).to receive(:redirect) do
|
|
111
|
-
false
|
|
112
|
-
end
|
|
113
|
-
end
|
|
114
|
-
|
|
115
|
-
describe 'with an admin token' do
|
|
116
|
-
let(:token) { encode({ scope: 'admin' }) }
|
|
117
|
-
|
|
118
|
-
it 'allows #token_protected! methods' do
|
|
119
|
-
expect(subject.new.token_protected!).to_not be(false)
|
|
120
|
-
end
|
|
121
|
-
|
|
122
|
-
it 'allows #enterprise_protected! methods' do
|
|
123
|
-
expect(subject.new.enterprise_protected!).to_not be(false)
|
|
124
|
-
end
|
|
125
|
-
|
|
126
|
-
it 'allows #internal_protected! methods' do
|
|
127
|
-
expect(subject.new.internal_protected!).to_not be(false)
|
|
128
|
-
end
|
|
129
|
-
|
|
130
|
-
it 'allows #admin_protected! methods' do
|
|
131
|
-
expect(subject.new.admin_protected!).to_not be(false)
|
|
132
|
-
end
|
|
133
|
-
end
|
|
134
|
-
|
|
135
|
-
describe 'with an internal token' do
|
|
136
|
-
let(:token) { encode({ scope: 'internal' }) }
|
|
137
|
-
|
|
138
|
-
it 'allows #token_protected! methods' do
|
|
139
|
-
expect(subject.new.token_protected!).to_not be(false)
|
|
140
|
-
end
|
|
141
|
-
|
|
142
|
-
it 'allows #enterprise_protected! methods' do
|
|
143
|
-
expect(subject.new.enterprise_protected!).to_not be(false)
|
|
144
|
-
end
|
|
145
|
-
|
|
146
|
-
it 'allows #internal_protected! methods' do
|
|
147
|
-
expect(subject.new.internal_protected!).to_not be(false)
|
|
148
|
-
end
|
|
149
|
-
|
|
150
|
-
it 'allows #admin_protected! methods' do
|
|
151
|
-
expect(subject.new.admin_protected!).to be(false)
|
|
152
|
-
end
|
|
153
|
-
end
|
|
154
|
-
|
|
155
|
-
describe 'with an end-user token' do
|
|
156
|
-
let(:token) { encode({ scope: 'end-user', email: 'user@example.com' }) }
|
|
157
|
-
|
|
158
|
-
it 'allows #token_protected! methods' do
|
|
159
|
-
expect(subject.new.token_protected!).to_not be(false)
|
|
160
|
-
end
|
|
161
|
-
|
|
162
|
-
it 'allows #enterprise_protected! methods for the scoped domain' do
|
|
163
|
-
expect(subject.new.enterprise_protected!('example.com')).to_not be(false)
|
|
164
|
-
end
|
|
165
|
-
|
|
166
|
-
it 'halts #enterprise_protected! methods for the wrong scoped domain' do
|
|
167
|
-
expect(subject.new.enterprise_protected!('foo.com')).to be(false)
|
|
168
|
-
end
|
|
169
|
-
|
|
170
|
-
it 'halts #internal_protected! methods' do
|
|
171
|
-
expect(subject.new.internal_protected!).to be(false)
|
|
172
|
-
end
|
|
173
|
-
|
|
174
|
-
it 'halts #admin_protected! methods' do
|
|
175
|
-
expect(subject.new.admin_protected!).to be(false)
|
|
176
|
-
end
|
|
177
|
-
end
|
|
178
|
-
end
|
|
179
|
-
|
|
180
|
-
describe 'with the token in session' do
|
|
181
|
-
before do
|
|
182
|
-
allow_any_instance_of(subject).to receive(:request) do
|
|
183
|
-
double('Request', env: {}, params: {}, post?: false)
|
|
184
|
-
end
|
|
185
|
-
|
|
186
|
-
allow_any_instance_of(subject).to receive(:redirect) do
|
|
187
|
-
false
|
|
188
|
-
end
|
|
189
|
-
|
|
190
|
-
allow_any_instance_of(subject).to receive(:session).and_return(
|
|
191
|
-
{admin_token: token}.with_indifferent_access
|
|
192
|
-
)
|
|
193
|
-
|
|
194
|
-
end
|
|
195
|
-
|
|
196
|
-
describe 'with an admin token' do
|
|
197
|
-
let(:token) { encode({ scope: 'admin' }) }
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
it 'allows #token_protected! methods' do
|
|
201
|
-
expect(subject.new.token_protected!).to_not be(false)
|
|
202
|
-
end
|
|
203
|
-
|
|
204
|
-
it 'allows #enterprise_protected! methods' do
|
|
205
|
-
expect(subject.new.enterprise_protected!).to_not be(false)
|
|
206
|
-
end
|
|
207
|
-
|
|
208
|
-
it 'allows #internal_protected! methods' do
|
|
209
|
-
expect(subject.new.internal_protected!).to_not be(false)
|
|
210
|
-
end
|
|
211
|
-
|
|
212
|
-
it 'allows #admin_protected! methods' do
|
|
213
|
-
expect(subject.new.admin_protected!).to_not be(false)
|
|
214
|
-
end
|
|
215
|
-
end
|
|
216
|
-
|
|
217
|
-
describe 'with an internal token' do
|
|
218
|
-
let(:token) { encode({ scope: 'internal' }) }
|
|
219
|
-
|
|
220
|
-
it 'allows #token_protected! methods' do
|
|
221
|
-
expect(subject.new.token_protected!).to_not be(false)
|
|
222
|
-
end
|
|
223
|
-
|
|
224
|
-
it 'allows #enterprise_protected! methods' do
|
|
225
|
-
expect(subject.new.enterprise_protected!).to_not be(false)
|
|
226
|
-
end
|
|
227
|
-
|
|
228
|
-
it 'allows #internal_protected! methods' do
|
|
229
|
-
expect(subject.new.internal_protected!).to_not be(false)
|
|
230
|
-
end
|
|
231
|
-
|
|
232
|
-
it 'allows #admin_protected! methods' do
|
|
233
|
-
expect(subject.new.admin_protected!).to be(false)
|
|
234
|
-
end
|
|
235
|
-
end
|
|
236
|
-
|
|
237
|
-
describe 'with an end-user token' do
|
|
238
|
-
let(:token) { encode({ scope: 'end-user', email: 'user@example.com' }) }
|
|
239
|
-
|
|
240
|
-
it 'allows #token_protected! methods' do
|
|
241
|
-
expect(subject.new.token_protected!).to_not be(false)
|
|
242
|
-
end
|
|
243
|
-
|
|
244
|
-
it 'allows #enterprise_protected! methods for the scoped domain' do
|
|
245
|
-
expect(subject.new.enterprise_protected!('example.com')).to_not be(false)
|
|
246
|
-
end
|
|
247
|
-
|
|
248
|
-
it 'halts #enterprise_protected! methods for the wrong scoped domain' do
|
|
249
|
-
expect(subject.new.enterprise_protected!('foo.com')).to be(false)
|
|
250
|
-
end
|
|
251
|
-
|
|
252
|
-
it 'halts #internal_protected! methods' do
|
|
253
|
-
expect(subject.new.internal_protected!).to be(false)
|
|
254
|
-
end
|
|
255
|
-
|
|
256
|
-
it 'halts #admin_protected! methods' do
|
|
257
|
-
expect(subject.new.admin_protected!).to be(false)
|
|
258
|
-
end
|
|
259
|
-
end
|
|
260
|
-
end
|
|
261
|
-
|
|
262
90
|
def encode(payload)
|
|
263
91
|
JWT.encode(
|
|
264
92
|
payload,
|
|
@@ -24,19 +24,6 @@ describe Osso::Models::IdentityProvider do
|
|
|
24
24
|
end
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
-
describe '#acs_url_validator' do
|
|
28
|
-
it 'returns a regex escaped string' do
|
|
29
|
-
allow(subject).to receive(:acs_url).and_return(
|
|
30
|
-
'https://foo.com/auth/saml/callback'
|
|
31
|
-
)
|
|
32
|
-
|
|
33
|
-
expect(subject.acs_url_validator).to eq(
|
|
34
|
-
'https://foo\\.com/auth/saml/callback'
|
|
35
|
-
)
|
|
36
|
-
end
|
|
37
|
-
end
|
|
38
|
-
|
|
39
|
-
|
|
40
27
|
describe '#saml_options' do
|
|
41
28
|
it 'returns the required args' do
|
|
42
29
|
expect(subject.saml_options).
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: osso
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.5.pre.
|
|
4
|
+
version: 0.0.5.pre.zeta
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sam Bauch
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-09-
|
|
11
|
+
date: 2020-09-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|