osso 0.0.5.pre.theta → 0.0.7

data/lib/osso.rb

@@ -2,7 +2,6 @@
 
 module Osso
   require_relative 'osso/error/error'
-  require_relative 'osso/helpers/helpers'
   require_relative 'osso/lib/app_config'
   require_relative 'osso/lib/oauth2_token'
   require_relative 'osso/lib/route_map'

data/lib/osso/db/migrate/20200929154117_add_users_count_to_identity_providers_and_enterprise_accounts.rb

@@ -0,0 +1,6 @@
+class AddUsersCountToIdentityProvidersAndEnterpriseAccounts < ActiveRecord::Migration[6.0]
+  def change
+    add_column :enterprise_accounts, :users_count, :integer, default: 0
+    add_column :identity_providers, :users_count, :integer, default: 0
+  end
+end

data/lib/osso/db/migrate/20201023142158_add_rodauth_tables.rb

@@ -0,0 +1,47 @@
+require 'rodauth/migrations'
+
+class AddRodauthTables < ActiveRecord::Migration[6.0]
+  DB = Sequel.postgres(extensions: :activerecord_connection)
+
+  def change
+    enable_extension "citext"
+
+    create_table :accounts, id: :uuid do |t|
+      t.citext :email, null: false, index: { unique: true, where: "status_id IN (1, 2)" }
+      t.integer :status_id, null: false, default: 1
+      t.string :role, null: false, default: 'admin'
+      t.string :oauth_client_id, null: true, index: true
+    end
+
+    create_table :account_password_hashes, id: :uuid do |t|
+      t.foreign_key :accounts, column: :id
+      t.string :password_hash, null: false
+    end
+
+    Rodauth.create_database_authentication_functions(DB, table_name: "account_password_hashes")
+
+    # Used by the password reset feature
+    create_table :account_password_reset_keys, id: :uuid do |t|
+      t.foreign_key :accounts, column: :id
+      t.string :key, null: false
+      t.datetime :deadline, null: false
+      t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
+    end
+
+    # Used by the account verification feature
+    create_table :account_verification_keys, id: :uuid do |t|
+      t.string :key, null: false
+      t.datetime :requested_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+      t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
+    end
+
+    add_reference :account_verification_keys, :account, type: :uuid, index: true
+
+    # Used by the remember me feature
+    create_table :account_remember_keys, id: :uuid do |t|
+      t.foreign_key :accounts, column: :id
+      t.string :key, null: false
+      t.datetime :deadline, null: false
+    end
+  end
+end

data/lib/osso/db/migrate/20201105122026_add_token_index_to_access_tokens.rb

@@ -0,0 +1,5 @@
+class AddTokenIndexToAccessTokens < ActiveRecord::Migration[6.0]
+  def change
+    add_index :access_tokens, [:token, :expires_at], unique: true
+  end
+end

data/lib/osso/db/migrate/20201106154936_add_requested_to_authorization_codes_and_access_tokens.rb

@@ -0,0 +1,6 @@
+class AddRequestedToAuthorizationCodesAndAccessTokens < ActiveRecord::Migration[6.0]
+  def change
+    add_column :access_tokens, :requested, :jsonb, default: {}
+    add_column :authorization_codes, :requested, :jsonb, default: {}
+  end
+end

data/lib/osso/db/migrate/20201109160851_add_sso_issuer_to_identity_providers.rb

@@ -0,0 +1,12 @@
+class AddSsoIssuerToIdentityProviders < ActiveRecord::Migration[6.0]
+  def change
+    add_column :identity_providers, :sso_issuer, :string
+
+    Osso::Models::IdentityProvider.all.each do |idp|
+      idp.sso_issuer = idp.root_url + "/" + idp.domain
+      idp.save
+    end
+
+    change_column_null :identity_providers, :sso_issuer, false
+  end
+end

data/lib/osso/db/migrate/20201110190754_remove_oauth_client_id_from_enterprise_accounts.rb

@@ -0,0 +1,9 @@
+class RemoveOauthClientIdFromEnterpriseAccounts < ActiveRecord::Migration[6.0]
+  def up
+    remove_reference :enterprise_accounts, :oauth_client, index: true
+  end
+
+  def down
+    add_reference :enterprise_accounts, :oauth_client, type: :uuid, index: true
+  end
+end

data/lib/osso/db/migrate/20201112160120_add_ping_to_identity_provider_service_enum.rb

@@ -0,0 +1,28 @@
+class AddPingToIdentityProviderServiceEnum < ActiveRecord::Migration[6.0]
+  disable_ddl_transaction!
+
+  def up
+    execute <<-SQL
+      ALTER TYPE identity_provider_service ADD VALUE 'PING';
+    SQL
+  end
+  
+  def down
+    execute <<~SQL
+      CREATE TYPE identity_provider_service_new AS ENUM ('AZURE', 'OKTA', 'ONELOGIN', 'GOOGLE');
+
+      -- Remove values that won't be compatible with new definition
+      DELETE FROM identity_providers WHERE service = 'PING';
+      
+      -- Convert to new type, casting via text representation
+      ALTER TABLE identity_providers 
+        ALTER COLUMN service TYPE identity_provider_service_new 
+          USING (service::text::identity_provider_service_new);
+      
+      -- and swap the types
+      DROP TYPE identity_provider_service;
+      
+      ALTER TYPE identity_provider_service_new RENAME TO identity_provider_service;
+    SQL
+  end
+end

data/lib/osso/db/migrate/20201125143501_add_salesforce_to_provider_service_enum.rb

@@ -0,0 +1,28 @@
+class AddSalesforceToProviderServiceEnum < ActiveRecord::Migration[6.0]
+  disable_ddl_transaction!
+
+  def up
+    execute <<-SQL
+      ALTER TYPE identity_provider_service ADD VALUE 'SALESFORCE';
+    SQL
+  end
+  
+  def down
+    execute <<~SQL
+      CREATE TYPE identity_provider_service_new AS ENUM ('AZURE', 'OKTA', 'ONELOGIN', 'GOOGLE', 'PING');
+
+      -- Remove values that won't be compatible with new definition
+      DELETE FROM identity_providers WHERE service = 'SALESFORCE';
+      
+      -- Convert to new type, casting via text representation
+      ALTER TABLE identity_providers 
+        ALTER COLUMN service TYPE identity_provider_service_new 
+          USING (service::text::identity_provider_service_new);
+      
+      -- and swap the types
+      DROP TYPE identity_provider_service;
+      
+      ALTER TYPE identity_provider_service_new RENAME TO identity_provider_service;
+    SQL
+  end
+end

data/lib/osso/error/account_configuration_error.rb

@@ -6,6 +6,7 @@ module Osso
 
     class MissingConfiguredIdentityProvider < AccountConfigurationError
       def initialize(domain: 'The requested domain')
+        super
         @domain = domain
       end
 

data/lib/osso/error/oauth_error.rb

@@ -10,6 +10,7 @@ module Osso
 
     class NoAccountForOAuthClientError < OAuthError
       def initialize(domain: 'the requested domain')
+        super
         @domain = domain
       end
 
@@ -30,13 +31,15 @@ module Osso
 
     class InvalidRedirectUri < OAuthError
       def initialize(redirect_uri:)
+        super
         @redirect_uri = redirect_uri
       end
 
       def message
-        "The requested redirect URI #{@redirect_uri} is not on the allow-list for the rquested OAuth client identifier. " \
-          "Review our OAuth documentation, check you're using the correct OAuth client identifier, " \
-          'and confirm your Redirect URI allow-list includes the appropriate URI(s).'
+        "The requested redirect URI #{@redirect_uri} is not on the allow-list for the rquested " \
+        'OAuth client identifier. Review our OAuth documentation, check you\'re using the correct ' \
+        'OAuth client identifier, and confirm your Redirect URI allow-list includes the ' \
+        'appropriate URI(s).'
       end
     end
   end

data/lib/osso/graphql/mutation.rb

@@ -11,7 +11,9 @@ module Osso
         field :create_enterprise_account, mutation: Mutations::CreateEnterpriseAccount
         field :create_oauth_client, mutation: Mutations::CreateOauthClient
         field :delete_enterprise_account, mutation: Mutations::DeleteEnterpriseAccount
+        field :delete_identity_provider, mutation: Mutations::DeleteIdentityProvider
         field :delete_oauth_client, mutation: Mutations::DeleteOauthClient
+        field :invite_admin_user, mutation: Mutations::InviteAdminUser
         field :set_redirect_uris, mutation: Mutations::SetRedirectUris
         field :regenerate_oauth_credentials, mutation: Mutations::RegenerateOauthCredentials
         field :update_app_config, mutation: Mutations::UpdateAppConfig

data/lib/osso/graphql/mutations.rb

@@ -11,7 +11,9 @@ require_relative 'mutations/create_identity_provider'
 require_relative 'mutations/create_enterprise_account'
 require_relative 'mutations/create_oauth_client'
 require_relative 'mutations/delete_enterprise_account'
+require_relative 'mutations/delete_identity_provider'
 require_relative 'mutations/delete_oauth_client'
+require_relative 'mutations/invite_admin_user'
 require_relative 'mutations/regenerate_oauth_credentials'
 require_relative 'mutations/set_redirect_uris'
 require_relative 'mutations/update_app_config'

data/lib/osso/graphql/mutations/create_enterprise_account.rb

@@ -8,24 +8,17 @@ module Osso
 
         argument :domain, String, required: true
         argument :name, String, required: true
-        argument :oauth_client_id, String, required: false
 
         field :enterprise_account, Types::EnterpriseAccount, null: false
         field :errors, [String], null: false
 
         def resolve(**args)
           enterprise_account = Osso::Models::EnterpriseAccount.new(args)
-          enterprise_account.oauth_client_id ||= find_client_db_id(context[:oauth_client_id])
 
           return response_data(enterprise_account: enterprise_account) if enterprise_account.save
 
           response_error(enterprise_account.errors)
         end
-
-        def find_client_db_id(oauth_client_identifier)
-          Osso::Models::OauthClient.find_by(identifier: oauth_client_identifier).
-            id
-        end
       end
     end
   end

data/lib/osso/graphql/mutations/create_identity_provider.rb

@@ -8,17 +8,18 @@ module Osso
 
         argument :enterprise_account_id, ID, required: true
         argument :service, Types::IdentityProviderService, required: false
+        argument :oauth_client_id, String, required: true
 
         field :identity_provider, Types::IdentityProvider, null: false
         field :errors, [String], null: false
 
-        def resolve(service: nil, **args)
-          customer = enterprise_account(**args)
+        def resolve(service: nil, enterprise_account_id:, oauth_client_id:)
+          customer = enterprise_account(enterprise_account_id: enterprise_account_id)
 
           identity_provider = customer.identity_providers.build(
             service: service,
             domain: customer.domain,
-            oauth_client_id: customer.oauth_client_id,
+            oauth_client_id: oauth_client_id,
           )
 
           return response_data(identity_provider: identity_provider) if identity_provider.save
@@ -26,11 +27,11 @@ module Osso
           response_error(identity_provider.errors)
         end
 
-        def domain(**args)
-          enterprise_account(**args)&.domain
+        def domain(enterprise_account_id:, **args)
+          enterprise_account(enterprise_account_id: enterprise_account_id)&.domain
         end
 
-        def enterprise_account(enterprise_account_id:, **_args)
+        def enterprise_account(enterprise_account_id:)
           @enterprise_account ||= Osso::Models::EnterpriseAccount.find(enterprise_account_id)
         end
       end

data/lib/osso/graphql/mutations/delete_identity_provider.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Mutations
+      class DeleteIdentityProvider < BaseMutation
+        null false
+
+        argument :id, ID, required: true
+
+        field :identity_provider, Types::IdentityProvider, null: true
+        field :errors, [String], null: false
+
+        def resolve(id:)
+          identity_provider = Osso::Models::IdentityProvider.find(id)
+
+          return response_data(identity_provider: nil) if identity_provider.destroy
+
+          response_error(identity_provider.errors)
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/mutations/invite_admin_user.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Mutations
+      class InviteAdminUser < BaseMutation
+        null false
+
+        argument :email, String, required: true
+        argument :oauth_client_id, ID, required: false
+        argument :role, String, required: true
+
+        field :admin_user, Types::AdminUser, null: true
+        field :errors, [String], null: false
+
+        def resolve(email:, role:, oauth_client_id: nil)
+          admin_user = Osso::Models::Account.new(
+            email: email,
+            role: role,
+            oauth_client_id: oauth_client_id,
+          )
+
+          if admin_user.save
+            verify_user(email)
+
+            return response_data(admin_user: admin_user)
+          end
+
+          response_error(admin_user.errors)
+        end
+
+        def ready?(*)
+          admin_ready?
+        end
+
+        def verify_user(email)
+          context[:rodauth].account_from_login(email)
+          context[:rodauth].setup_account_verification
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/query.rb

@@ -5,6 +5,7 @@ module Osso
     module Types
       class QueryType < ::GraphQL::Schema::Object
         field :enterprise_accounts, null: true, resolver: Resolvers::EnterpriseAccounts do
+          argument :search, String, required: false
           argument :sort_column, String, required: false
           argument :sort_order, String, required: false
         end
@@ -40,6 +41,13 @@ module Osso
           argument :id, ID, required: true
         end
 
+        field(
+          :admin_users,
+          [Types::AdminUser],
+          null: false,
+          resolve: ->(_obj, _args, _context) { Osso::Models::Account.all },
+        )
+
         field(
           :current_user,
           Types::AdminUser,

data/lib/osso/graphql/resolvers/enterprise_accounts.rb

@@ -6,12 +6,12 @@ module Osso
       class EnterpriseAccounts < BaseResolver
         type Types::EnterpriseAccount.connection_type, null: true
 
-        def resolve(sort_column: nil, sort_order: nil)
+        def resolve(sort_column: nil, sort_order: nil, search: nil)
           return Array(Osso::Models::EnterpriseAccount.find_by(domain: context_domain)) unless internal_authorized?
 
           accounts = Osso::Models::EnterpriseAccount
-
-          accounts = accounts.order(sort_column => sort_order_sym(sort_order)) if sort_column && sort_order
+          accounts = accounts.where('domain ilike ? OR name ilike ?', "%#{search}%", "%#{search}%") if search
+          accounts = accounts.order(sort_column.underscore => sort_order_sym(sort_order)) if sort_column && sort_order
 
           accounts.all
         end

data/lib/osso/graphql/types.rb

@@ -14,8 +14,8 @@ require_relative 'types/app_config'
 require_relative 'types/error'
 require_relative 'types/identity_provider_service'
 require_relative 'types/identity_provider_status'
+require_relative 'types/redirect_uri'
+require_relative 'types/oauth_client'
 require_relative 'types/identity_provider'
 require_relative 'types/enterprise_account'
-require_relative 'types/redirect_uri'
 require_relative 'types/redirect_uri_input'
-require_relative 'types/oauth_client'

data/lib/osso/graphql/types/admin_user.rb

@@ -11,11 +11,20 @@ module Osso
         field :id, ID, null: false
         field :email, String, null: false
         field :scope, String, null: false
+        field :role, String, null: false
         field :oauth_client_id, ID, null: true
 
         def self.authorized?(_object, _context)
           true
         end
+
+        def created_at
+          12.hours.ago
+        end
+
+        def updated_at
+          12.hours.ago
+        end
       end
     end
   end

data/lib/osso/graphql/types/base_object.rb

@@ -28,7 +28,7 @@ module Osso
         def self.authorized?(object, context)
           # we first receive the payload object as a hash, but can depend on the
           # return type to hide the actual objects non-admins shouldn't see
-          return true if object.class == Hash
+          return true if object.instance_of?(Hash)
 
           internal_authorized?(context) || enterprise_authorized?(context, object&.domain)
         end

data/lib/osso/graphql/types/enterprise_account.rb

@@ -14,6 +14,7 @@ module Osso
         field :domain, String, null: false
         field :identity_providers, [Types::IdentityProvider], null: true
         field :status, String, null: false
+        field :users_count, Integer, null: false
 
         def status
           'active'

data/lib/osso/graphql/types/identity_provider.rb

@@ -13,10 +13,12 @@ module Osso
         field :service, Types::IdentityProviderService, null: true
         field :domain, String, null: false
         field :acs_url, String, null: false
+        field :sso_issuer, String, null: false
         field :sso_url, String, null: true
         field :sso_cert, String, null: true
         field :status, Types::IdentityProviderStatus, null: false
         field :acs_url_validator, String, null: false
+        field :oauth_client, Types::OauthClient, null: false
       end
     end
   end