osso 0.0.5.pre.theta → 0.0.7

data/spec/routes/admin_spec.rb

@@ -3,56 +3,22 @@
 require 'spec_helper'
 
 describe Osso::Admin do
-  let(:jwt_url) { 'https://foo.com/jwt' }
-  let(:jwt_hmac_secret) { SecureRandom.hex(32) }
-
-  before do
-    ENV['JWT_URL'] = jwt_url
-    ENV['JWT_HMAC_SECRET'] = jwt_hmac_secret
-    described_class.set(:views, spec_views)
-  end
-
   describe 'get /admin' do
-    it 'redirects to JWT_URL without a session or token' do
+    it 'redirects to /login without a session' do
       get('/admin')
 
       expect(last_response).to be_redirect
       follow_redirect!
-      expect(last_request.url).to eq(jwt_url)
-    end
-
-    it 'redirects to JWT_URL with an invalid token' do
-      get('/admin', token: SecureRandom.hex(32))
-
-      expect(last_response).to be_redirect
-
-      follow_redirect!
-
-      expect(last_request.url).to eq(jwt_url)
+      expect(last_request.url).to match('/login')
     end
 
-    it 'chomps the token and redirects to request path with valid token' do
-      token = JWT.encode(
-        { email: 'admin@saas.com', scope: 'admin' },
-        jwt_hmac_secret,
-        'HS256',
-      )
-
-      get('/admin', { admin_token: token })
-
-      expect(last_response).to be_redirect
-      follow_redirect!
-      expect(last_request.url).to match('/admin')
-    end
+    xit 'renders the admin page for a valid session token' do
+      password = SecureRandom.urlsafe_base64(16)
+      account = create(:verified_account, password: password)
 
-    it 'renders the admin page for a valid session token' do
-      token = JWT.encode(
-        { email: 'admin@saas.com', scope: 'admin' },
-        jwt_hmac_secret,
-        'HS256',
-      )
+      post('/login', { email: account.email, password: password })
 
-      get('/admin', {}, 'rack.session' => { admin_token: token })
+      get('/admin')
 
       expect(last_response).to be_ok
     end

data/spec/routes/auth_spec.rb

@@ -182,29 +182,28 @@ describe Osso::Auth do
       it 'raises an error when email is missing' do
         mock_saml_omniauth(email: nil, id: SecureRandom.uuid)
 
-        
-          response = post(
-            "/auth/saml/#{azure_provider.id}/callback",
-            nil,
-            {
-              'omniauth.auth' => OmniAuth.config.mock_auth[:saml],
-            },
-          )
-
-          expect(response.body).to eq('Osso::Error::MissingSamlEmailAttributeError')
-        end
+        response = post(
+          "/auth/saml/#{azure_provider.id}/callback",
+          nil,
+          {
+            'omniauth.auth' => OmniAuth.config.mock_auth[:saml],
+          },
+        )
+
+        expect(response.body).to eq('Osso::Error::MissingSamlEmailAttributeError')
+      end
 
       it 'raises an error when id is missing' do
         mock_saml_omniauth(email: Faker::Internet.email, id: nil)
 
         response = post(
-            "/auth/saml/#{azure_provider.id}/callback",
-            nil,
-            {
-              'omniauth.auth' => OmniAuth.config.mock_auth[:saml],
-            },
-          )
-        
+          "/auth/saml/#{azure_provider.id}/callback",
+          nil,
+          {
+            'omniauth.auth' => OmniAuth.config.mock_auth[:saml],
+          },
+        )
+
         expect(response.body).to eq('Osso::Error::MissingSamlIdAttributeError')
       end
     end

data/spec/routes/oauth_spec.rb

@@ -3,15 +3,16 @@
 require 'spec_helper'
 
 describe Osso::Oauth do
+  before do
+    described_class.set(:views, spec_views)
+  end
+
   let(:client) { create(:oauth_client) }
 
   describe 'get /oauth/authorize' do
     describe 'with a valid client ID and redirect URI' do
       describe 'for a domain that does not belong to an enterprise' do
-        # TODO: better error handling and test
         it 'renders an error page' do
-          described_class.set(:views, spec_views)
-
           create(:enterprise_with_okta, domain: 'foo.com')
 
           get(
@@ -48,7 +49,7 @@ describe Osso::Oauth do
 
       describe 'for an enterprise domain with multiple SAML providers' do
         it 'renders the multiple providers screen' do
-          enterprise = create(:enterprise_with_multiple_providers)
+          enterprise = create(:enterprise_with_multiple_providers, oauth_client: client)
 
           get(
             '/oauth/authorize',
@@ -59,6 +60,64 @@ describe Osso::Oauth do
           )
 
           expect(last_response).to be_ok
+          expect(last_response.body).to eq('MULITPLE PROVIDERS')
+        end
+      end
+
+      describe "for an existing user's email address" do
+        it 'redirects to /auth/saml/:provider_id' do
+          enterprise = create(:enterprise_with_okta, oauth_client: client)
+          provider_id = enterprise.identity_providers.first.id
+          user = create(:user, email: "user@#{enterprise.domain}", identity_provider_id: provider_id)
+
+          get(
+            '/oauth/authorize',
+            email: user.email,
+            client_id: client.identifier,
+            response_type: 'code',
+            redirect_uri: client.redirect_uri_values.sample,
+          )
+
+          expect(last_response).to be_redirect
+          follow_redirect!
+          expect(last_request.url).to match("auth/saml/#{provider_id}")
+        end
+      end
+
+      describe "for a new user's email address belonging to an enterprise with one SAML provider" do
+        it 'redirects to /auth/saml/:provider_id' do
+          enterprise = create(:enterprise_with_okta, oauth_client: client)
+
+          get(
+            '/oauth/authorize',
+            email: "user@#{enterprise.domain}",
+            client_id: client.identifier,
+            response_type: 'code',
+            redirect_uri: client.redirect_uri_values.sample,
+          )
+
+          provider_id = enterprise.identity_providers.first.id
+
+          expect(last_response).to be_redirect
+          follow_redirect!
+          expect(last_request.url).to match("auth/saml/#{provider_id}")
+        end
+      end
+
+      describe "for a new user's email address belonging to an enterprise with multiple SAML providers" do
+        it 'renders the multiple providers screen' do
+          enterprise = create(:enterprise_with_multiple_providers, oauth_client: client)
+
+          get(
+            '/oauth/authorize',
+            email: "user@#{enterprise.domain}",
+            client_id: client.identifier,
+            response_type: 'code',
+            redirect_uri: client.redirect_uri_values.sample,
+          )
+
+          expect(last_response).to be_ok
+          expect(last_response.body).to eq('MULITPLE PROVIDERS')
         end
       end
     end
@@ -90,7 +149,7 @@ describe Osso::Oauth do
   end
 
   describe 'get /oauth/me' do
-    describe 'with a valid unexpired access token' do
+    describe 'with a valid unexpired access token in params' do
       it 'returns the user' do
         user = create(:user)
         code = user.authorization_codes.valid.first
@@ -105,6 +164,30 @@ describe Osso::Oauth do
           email: user.email,
           id: user.id,
           idp: 'Okta',
+          requested: code.requested.symbolize_keys,
+        )
+      end
+    end
+
+    describe 'with a valid unexpired access token in headers' do
+      it 'returns the user' do
+        user = create(:user)
+        code = user.authorization_codes.valid.first
+
+        get(
+          '/oauth/me',
+          nil,
+          {
+            'HTTP_AUTHORIZATION' => "Bearer: #{code.access_token.to_bearer_token}",
+          },
+        )
+
+        expect(last_response.status).to eq(200)
+        expect(last_json_response).to eq(
+          email: user.email,
+          id: user.id,
+          idp: 'Okta',
+          requested: code.requested.symbolize_keys,
         )
       end
     end

data/spec/spec_helper.rb

@@ -15,9 +15,9 @@ require 'webmock/rspec'
 ENV['RACK_ENV'] = 'test'
 ENV['SESSION_SECRET'] = 'supersecret'
 ENV['BASE_URL'] = 'https://example.com'
+ENV['RODAUTH_VIEWS'] = "#{File.dirname(__FILE__)}/support/views"
 
 require File.expand_path '../lib/osso.rb', __dir__
-
 require File.expand_path 'support/spec_app', __dir__
 
 module RSpecMixin
@@ -47,11 +47,11 @@ module RSpecMixin
   end
 
   def spec_views
-    File.dirname(__FILE__) + '/support/views'
+    "#{File.dirname(__FILE__)}/support/views"
   end
 
   def valid_x509_pem
-    raw = File.read(File.dirname(__FILE__) + '/support/fixtures/test.pem')
+    raw = File.read("#{File.dirname(__FILE__)}/support/fixtures/test.pem")
     OpenSSL::X509::Certificate.new(raw).to_pem
   end
 

data/spec/support/views/layout.erb

@@ -0,0 +1 @@
+<%= yield %>

data/spec/support/views/multiple_providers.erb

@@ -0,0 +1 @@
+MULITPLE PROVIDERS

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: osso
 version: !ruby/object:Gem::Version
-  version: 0.0.5.pre.theta
+  version: 0.0.7
 platform: ruby
 authors:
 - Sam Bauch
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-09-25 00:00:00.000000000 Z
+date: 2020-12-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -24,6 +24,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 6.0.3.2
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.13
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.13
 - !ruby/object:Gem::Dependency
   name: graphql
   requirement: !ruby/object:Gem::Requirement
@@ -52,6 +66,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: mail
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.7.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.7.1
 - !ruby/object:Gem::Dependency
   name: omniauth-multi-provider
   requirement: !ruby/object:Gem::Requirement
@@ -136,6 +164,60 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rodauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.6.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.6.0
+- !ruby/object:Gem::Dependency
+  name: sequel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.37'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.40'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.37'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.40'
+- !ruby/object:Gem::Dependency
+  name: sequel-activerecord_connection
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.3'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.3'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: sinatra
   requirement: !ruby/object:Gem::Requirement
@@ -235,6 +317,8 @@ files:
 - ".buildkite/hooks/pre-command"
 - ".buildkite/pipeline.yml"
 - ".buildkite/template.yml"
+- ".github/dependabot.yml"
+- ".github/workflows/automerge.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
@@ -273,6 +357,14 @@ files:
 - lib/osso/db/migrate/20200826201852_create_app_config.rb
 - lib/osso/db/migrate/20200913154919_add_one_login_to_identity_provider_service_enum.rb
 - lib/osso/db/migrate/20200916125543_add_google_to_identity_provider_service_enum.rb
+- lib/osso/db/migrate/20200929154117_add_users_count_to_identity_providers_and_enterprise_accounts.rb
+- lib/osso/db/migrate/20201023142158_add_rodauth_tables.rb
+- lib/osso/db/migrate/20201105122026_add_token_index_to_access_tokens.rb
+- lib/osso/db/migrate/20201106154936_add_requested_to_authorization_codes_and_access_tokens.rb
+- lib/osso/db/migrate/20201109160851_add_sso_issuer_to_identity_providers.rb
+- lib/osso/db/migrate/20201110190754_remove_oauth_client_id_from_enterprise_accounts.rb
+- lib/osso/db/migrate/20201112160120_add_ping_to_identity_provider_service_enum.rb
+- lib/osso/db/migrate/20201125143501_add_salesforce_to_provider_service_enum.rb
 - lib/osso/error/account_configuration_error.rb
 - lib/osso/error/error.rb
 - lib/osso/error/missing_saml_attribute_error.rb
@@ -287,7 +379,9 @@ files:
 - lib/osso/graphql/mutations/create_identity_provider.rb
 - lib/osso/graphql/mutations/create_oauth_client.rb
 - lib/osso/graphql/mutations/delete_enterprise_account.rb
+- lib/osso/graphql/mutations/delete_identity_provider.rb
 - lib/osso/graphql/mutations/delete_oauth_client.rb
+- lib/osso/graphql/mutations/invite_admin_user.rb
 - lib/osso/graphql/mutations/regenerate_oauth_credentials.rb
 - lib/osso/graphql/mutations/set_redirect_uris.rb
 - lib/osso/graphql/mutations/update_app_config.rb
@@ -313,13 +407,12 @@ files:
 - lib/osso/graphql/types/oauth_client.rb
 - lib/osso/graphql/types/redirect_uri.rb
 - lib/osso/graphql/types/redirect_uri_input.rb
-- lib/osso/helpers/auth.rb
-- lib/osso/helpers/helpers.rb
 - lib/osso/lib/app_config.rb
 - lib/osso/lib/oauth2_token.rb
 - lib/osso/lib/route_map.rb
 - lib/osso/lib/saml_handler.rb
 - lib/osso/models/access_token.rb
+- lib/osso/models/account.rb
 - lib/osso/models/app_config.rb
 - lib/osso/models/authorization_code.rb
 - lib/osso/models/enterprise_account.rb
@@ -334,8 +427,14 @@ files:
 - lib/osso/routes/oauth.rb
 - lib/osso/routes/routes.rb
 - lib/osso/version.rb
+- lib/osso/views/admin.erb
+- lib/osso/views/error.erb
+- lib/osso/views/layout.erb
+- lib/osso/views/multiple_providers.erb
+- lib/osso/views/welcome.erb
 - lib/tasks/bootstrap.rake
 - osso-rb.gemspec
+- spec/factories/account.rb
 - spec/factories/authorization_code.rb
 - spec/factories/enterprise_account.rb
 - spec/factories/identity_providers.rb
@@ -352,8 +451,8 @@ files:
 - spec/graphql/query/enterprise_accounts_spec.rb
 - spec/graphql/query/identity_provider_spec.rb
 - spec/graphql/query/oauth_clients_spec.rb
-- spec/helpers/auth_spec.rb
 - spec/lib/saml_handler_spec.rb
+- spec/models/enterprise_account_spec.rb
 - spec/models/identity_provider_spec.rb
 - spec/routes/admin_spec.rb
 - spec/routes/app_spec.rb
@@ -364,6 +463,7 @@ files:
 - spec/support/spec_app.rb
 - spec/support/views/admin.erb
 - spec/support/views/error.erb
+- spec/support/views/layout.erb
 - spec/support/views/multiple_providers.erb
 homepage: https://github.com/enterprise-oss/osso-rb
 licenses:
@@ -380,9 +480,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.3.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubygems_version: 3.0.3
 signing_key: