RubyGems - osso - Versions diffs - 0.0.5.pre.zeta → 0.0.5 - Mend

osso 0.0.5.pre.zeta → 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (70) hide show

checksums.yaml +4 -4
data/.buildkite/pipeline.yml +4 -2
data/.rubocop.yml +4 -1
data/Gemfile.lock +48 -32
data/LICENSE +21 -23
data/bin/annotate +3 -1
data/db/schema.rb +41 -3
data/lib/osso/db/migrate/20200929154117_add_users_count_to_identity_providers_and_enterprise_accounts.rb +6 -0
data/lib/osso/db/migrate/20201023142158_add_rodauth_tables.rb +47 -0
data/lib/osso/db/migrate/20201105122026_add_token_index_to_access_tokens.rb +5 -0
data/lib/osso/db/migrate/20201106154936_add_requested_to_authorization_codes_and_access_tokens.rb +6 -0
data/lib/osso/db/migrate/20201109160851_add_sso_issuer_to_identity_providers.rb +12 -0
data/lib/osso/db/migrate/20201110190754_remove_oauth_client_id_from_enterprise_accounts.rb +9 -0
data/lib/osso/db/migrate/20201112160120_add_ping_to_identity_provider_service_enum.rb +28 -0
data/lib/osso/error/account_configuration_error.rb +1 -0
data/lib/osso/error/oauth_error.rb +6 -3
data/lib/osso/graphql/mutation.rb +2 -0
data/lib/osso/graphql/mutations.rb +2 -0
data/lib/osso/graphql/mutations/create_enterprise_account.rb +0 -7
data/lib/osso/graphql/mutations/create_identity_provider.rb +7 -6
data/lib/osso/graphql/mutations/delete_identity_provider.rb +24 -0
data/lib/osso/graphql/mutations/invite_admin_user.rb +43 -0
data/lib/osso/graphql/query.rb +8 -0
data/lib/osso/graphql/resolvers/enterprise_accounts.rb +3 -3
data/lib/osso/graphql/types.rb +2 -2
data/lib/osso/graphql/types/admin_user.rb +9 -0
data/lib/osso/graphql/types/base_object.rb +1 -1
data/lib/osso/graphql/types/enterprise_account.rb +1 -0
data/lib/osso/graphql/types/identity_provider.rb +3 -0
data/lib/osso/graphql/types/identity_provider_service.rb +2 -1
data/lib/osso/helpers/auth.rb +1 -1
data/lib/osso/lib/route_map.rb +0 -15
data/lib/osso/lib/saml_handler.rb +5 -0
data/lib/osso/models/access_token.rb +4 -2
data/lib/osso/models/account.rb +34 -0
data/lib/osso/models/authorization_code.rb +2 -1
data/lib/osso/models/enterprise_account.rb +3 -1
data/lib/osso/models/identity_provider.rb +23 -5
data/lib/osso/models/models.rb +1 -0
data/lib/osso/models/oauth_client.rb +0 -1
data/lib/osso/models/user.rb +2 -2
data/lib/osso/routes/admin.rb +39 -33
data/lib/osso/routes/auth.rb +9 -9
data/lib/osso/routes/oauth.rb +35 -17
data/lib/osso/version.rb +1 -1
data/lib/osso/views/admin.erb +5 -0
data/lib/osso/views/error.erb +1 -0
data/lib/osso/views/layout.erb +0 -0
data/lib/osso/views/multiple_providers.erb +1 -0
data/lib/osso/views/welcome.erb +0 -0
data/lib/tasks/bootstrap.rake +18 -4
data/osso-rb.gemspec +5 -0
data/spec/factories/account.rb +24 -0
data/spec/factories/enterprise_account.rb +11 -3
data/spec/factories/identity_providers.rb +10 -2
data/spec/factories/user.rb +4 -0
data/spec/graphql/mutations/configure_identity_provider_spec.rb +1 -1
data/spec/graphql/mutations/create_enterprise_account_spec.rb +0 -14
data/spec/graphql/mutations/create_identity_provider_spec.rb +59 -8
data/spec/graphql/query/identity_provider_spec.rb +3 -2
data/spec/models/enterprise_account_spec.rb +18 -0
data/spec/models/identity_provider_spec.rb +35 -1
data/spec/routes/admin_spec.rb +7 -41
data/spec/routes/auth_spec.rb +17 -18
data/spec/routes/oauth_spec.rb +88 -5
data/spec/spec_helper.rb +3 -3
data/spec/support/views/layout.erb +1 -0
data/spec/support/views/multiple_providers.erb +1 -0
metadata +92 -5
data/spec/helpers/auth_spec.rb +0 -97

data/spec/routes/oauth_spec.rb CHANGED

@@ -3,15 +3,16 @@
 require 'spec_helper'
 describe Osso::Oauth do
+  before do
+    described_class.set(:views, spec_views)
+  end
   let(:client) { create(:oauth_client) }
   describe 'get /oauth/authorize' do
     describe 'with a valid client ID and redirect URI' do
       describe 'for a domain that does not belong to an enterprise' do
-        # TODO: better error handling and test
         it 'renders an error page' do
-          described_class.set(:views, spec_views)
           create(:enterprise_with_okta, domain: 'foo.com')
           get(
@@ -48,7 +49,7 @@ describe Osso::Oauth do
       describe 'for an enterprise domain with multiple SAML providers' do
         it 'renders the multiple providers screen' do
-          enterprise = create(:enterprise_with_multiple_providers)
+          enterprise = create(:enterprise_with_multiple_providers, oauth_client: client)
           get(
             '/oauth/authorize',
@@ -59,6 +60,64 @@ describe Osso::Oauth do
           )
           expect(last_response).to be_ok
+          expect(last_response.body).to eq('MULITPLE PROVIDERS')
+        end
+      end
+      describe "for an existing user's email address" do
+        it 'redirects to /auth/saml/:provider_id' do
+          enterprise = create(:enterprise_with_okta, oauth_client: client)
+          provider_id = enterprise.identity_providers.first.id
+          user = create(:user, email: "user@#{enterprise.domain}", identity_provider_id: provider_id)
+          get(
+            '/oauth/authorize',
+            email: user.email,
+            client_id: client.identifier,
+            response_type: 'code',
+            redirect_uri: client.redirect_uri_values.sample,
+          )
+          expect(last_response).to be_redirect
+          follow_redirect!
+          expect(last_request.url).to match("auth/saml/#{provider_id}")
+        end
+      end
+      describe "for a new user's email address belonging to an enterprise with one SAML provider" do
+        it 'redirects to /auth/saml/:provider_id' do
+          enterprise = create(:enterprise_with_okta, oauth_client: client)
+          get(
+            '/oauth/authorize',
+            email: "user@#{enterprise.domain}",
+            client_id: client.identifier,
+            response_type: 'code',
+            redirect_uri: client.redirect_uri_values.sample,
+          )
+          provider_id = enterprise.identity_providers.first.id
+          expect(last_response).to be_redirect
+          follow_redirect!
+          expect(last_request.url).to match("auth/saml/#{provider_id}")
+        end
+      end
+      describe "for a new user's email address belonging to an enterprise with multiple SAML providers" do
+        it 'renders the multiple providers screen' do
+          enterprise = create(:enterprise_with_multiple_providers, oauth_client: client)
+          get(
+            '/oauth/authorize',
+            email: "user@#{enterprise.domain}",
+            client_id: client.identifier,
+            response_type: 'code',
+            redirect_uri: client.redirect_uri_values.sample,
+          )
+          expect(last_response).to be_ok
+          expect(last_response.body).to eq('MULITPLE PROVIDERS')
         end
       end
     end
@@ -90,7 +149,7 @@ describe Osso::Oauth do
   end
   describe 'get /oauth/me' do
-    describe 'with a valid unexpired access token' do
+    describe 'with a valid unexpired access token in params' do
       it 'returns the user' do
         user = create(:user)
         code = user.authorization_codes.valid.first
@@ -105,6 +164,30 @@ describe Osso::Oauth do
           email: user.email,
           id: user.id,
           idp: 'Okta',
+          requested: code.requested.symbolize_keys,
+        )
+      end
+    end
+    describe 'with a valid unexpired access token in headers' do
+      it 'returns the user' do
+        user = create(:user)
+        code = user.authorization_codes.valid.first
+        get(
+          '/oauth/me',
+          nil,
+          {
+            'HTTP_AUTHORIZATION' => "Bearer: #{code.access_token.to_bearer_token}",
+          },
+        )
+        expect(last_response.status).to eq(200)
+        expect(last_json_response).to eq(
+          email: user.email,
+          id: user.id,
+          idp: 'Okta',
+          requested: code.requested.symbolize_keys,
         )
       end
     end

data/spec/spec_helper.rb CHANGED

@@ -15,9 +15,9 @@ require 'webmock/rspec'
 ENV['RACK_ENV'] = 'test'
 ENV['SESSION_SECRET'] = 'supersecret'
 ENV['BASE_URL'] = 'https://example.com'
+ENV['RODAUTH_VIEWS'] = "#{File.dirname(__FILE__)}/support/views"
 require File.expand_path '../lib/osso.rb', __dir__
 require File.expand_path 'support/spec_app', __dir__
 module RSpecMixin
@@ -47,11 +47,11 @@ module RSpecMixin
   end
   def spec_views
-    File.dirname(__FILE__) + '/support/views'
+    "#{File.dirname(__FILE__)}/support/views"
   end
   def valid_x509_pem
-    raw = File.read(File.dirname(__FILE__) + '/support/fixtures/test.pem')
+    raw = File.read("#{File.dirname(__FILE__)}/support/fixtures/test.pem")
     OpenSSL::X509::Certificate.new(raw).to_pem
   end

data/spec/support/views/layout.erb ADDED

	@@ -0,0 +1 @@
1	+ <%= yield %>

data/spec/support/views/multiple_providers.erb CHANGED

	@@ -0,0 +1 @@
1	+ MULITPLE PROVIDERS

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: osso
 version: !ruby/object:Gem::Version
-  version: 0.0.5.pre.zeta
+  version: 0.0.5
 platform: ruby
 authors:
 - Sam Bauch
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-21 00:00:00.000000000 Z
+date: 2020-11-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -24,6 +24,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 6.0.3.2
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.13
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.13
 - !ruby/object:Gem::Dependency
   name: graphql
   requirement: !ruby/object:Gem::Requirement
@@ -52,6 +66,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: mail
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.7.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.7.1
 - !ruby/object:Gem::Dependency
   name: omniauth-multi-provider
   requirement: !ruby/object:Gem::Requirement
@@ -136,6 +164,48 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rodauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.5.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.5.0
+- !ruby/object:Gem::Dependency
+  name: sequel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.37.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.37.0
+- !ruby/object:Gem::Dependency
+  name: sequel-activerecord_connection
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.3'
 - !ruby/object:Gem::Dependency
   name: sinatra
   requirement: !ruby/object:Gem::Requirement
@@ -273,6 +343,13 @@ files:
 - lib/osso/db/migrate/20200826201852_create_app_config.rb
 - lib/osso/db/migrate/20200913154919_add_one_login_to_identity_provider_service_enum.rb
 - lib/osso/db/migrate/20200916125543_add_google_to_identity_provider_service_enum.rb
+- lib/osso/db/migrate/20200929154117_add_users_count_to_identity_providers_and_enterprise_accounts.rb
+- lib/osso/db/migrate/20201023142158_add_rodauth_tables.rb
+- lib/osso/db/migrate/20201105122026_add_token_index_to_access_tokens.rb
+- lib/osso/db/migrate/20201106154936_add_requested_to_authorization_codes_and_access_tokens.rb
+- lib/osso/db/migrate/20201109160851_add_sso_issuer_to_identity_providers.rb
+- lib/osso/db/migrate/20201110190754_remove_oauth_client_id_from_enterprise_accounts.rb
+- lib/osso/db/migrate/20201112160120_add_ping_to_identity_provider_service_enum.rb
 - lib/osso/error/account_configuration_error.rb
 - lib/osso/error/error.rb
 - lib/osso/error/missing_saml_attribute_error.rb
@@ -287,7 +364,9 @@ files:
 - lib/osso/graphql/mutations/create_identity_provider.rb
 - lib/osso/graphql/mutations/create_oauth_client.rb
 - lib/osso/graphql/mutations/delete_enterprise_account.rb
+- lib/osso/graphql/mutations/delete_identity_provider.rb
 - lib/osso/graphql/mutations/delete_oauth_client.rb
+- lib/osso/graphql/mutations/invite_admin_user.rb
 - lib/osso/graphql/mutations/regenerate_oauth_credentials.rb
 - lib/osso/graphql/mutations/set_redirect_uris.rb
 - lib/osso/graphql/mutations/update_app_config.rb
@@ -320,6 +399,7 @@ files:
 - lib/osso/lib/route_map.rb
 - lib/osso/lib/saml_handler.rb
 - lib/osso/models/access_token.rb
+- lib/osso/models/account.rb
 - lib/osso/models/app_config.rb
 - lib/osso/models/authorization_code.rb
 - lib/osso/models/enterprise_account.rb
@@ -334,8 +414,14 @@ files:
 - lib/osso/routes/oauth.rb
 - lib/osso/routes/routes.rb
 - lib/osso/version.rb
+- lib/osso/views/admin.erb
+- lib/osso/views/error.erb
+- lib/osso/views/layout.erb
+- lib/osso/views/multiple_providers.erb
+- lib/osso/views/welcome.erb
 - lib/tasks/bootstrap.rake
 - osso-rb.gemspec
+- spec/factories/account.rb
 - spec/factories/authorization_code.rb
 - spec/factories/enterprise_account.rb
 - spec/factories/identity_providers.rb
@@ -352,8 +438,8 @@ files:
 - spec/graphql/query/enterprise_accounts_spec.rb
 - spec/graphql/query/identity_provider_spec.rb
 - spec/graphql/query/oauth_clients_spec.rb
-- spec/helpers/auth_spec.rb
 - spec/lib/saml_handler_spec.rb
+- spec/models/enterprise_account_spec.rb
 - spec/models/identity_provider_spec.rb
 - spec/routes/admin_spec.rb
 - spec/routes/app_spec.rb
@@ -364,6 +450,7 @@ files:
 - spec/support/spec_app.rb
 - spec/support/views/admin.erb
 - spec/support/views/error.erb
+- spec/support/views/layout.erb
 - spec/support/views/multiple_providers.erb
 homepage: https://github.com/enterprise-oss/osso-rb
 licenses:
@@ -380,9 +467,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.3.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubygems_version: 3.0.3
 signing_key:

data/spec/helpers/auth_spec.rb DELETED

@@ -1,97 +0,0 @@
-# frozen_string_literal: true
-require 'spec_helper'
-describe Osso::Helpers::Auth do
-  before do
-    ENV['JWT_HMAC_SECRET'] = 'super-secret'
-  end
-  subject(:app) do
-    Class.new { include Osso::Helpers::Auth }
-  end
-  describe 'with the token as a header' do
-    before do
-      allow_any_instance_of(subject).to receive(:request) do
-        double('Request', env: { 'admin_token' => token }, post?: false)
-      end
-      allow_any_instance_of(subject).to receive(:redirect) do
-        false
-      end
-    end
-    describe 'with an admin token' do
-      let(:token) { encode({ scope: 'admin' }) }
-      it 'allows #token_protected! methods' do
-        expect(subject.new.token_protected!).to_not be(false)
-      end
-      it 'allows #enterprise_protected! methods' do
-        expect(subject.new.enterprise_protected!).to_not be(false)
-      end
-      it 'allows #internal_protected! methods' do
-        expect(subject.new.internal_protected!).to_not be(false)
-      end
-      it 'allows #admin_protected! methods' do
-        expect(subject.new.admin_protected!).to_not be(false)
-      end
-    end
-    describe 'with an internal token' do
-      let(:token) { encode({ scope: 'internal' }) }
-      it 'allows #token_protected! methods' do
-        expect(subject.new.token_protected!).to_not be(false)
-      end
-      it 'allows #enterprise_protected! methods' do
-        expect(subject.new.enterprise_protected!).to_not be(false)
-      end
-      it 'allows #internal_protected! methods' do
-        expect(subject.new.internal_protected!).to_not be(false)
-      end
-      it 'allows #admin_protected! methods' do
-        expect(subject.new.admin_protected!).to be(false)
-      end
-    end
-    describe 'with an end-user token' do
-      let(:token) { encode({ scope: 'end-user', email: 'user@example.com' }) }
-      it 'allows #token_protected! methods' do
-        expect(subject.new.token_protected!).to_not be(false)
-      end
-      it 'allows #enterprise_protected! methods for the scoped domain' do
-        expect(subject.new.enterprise_protected!('example.com')).to_not be(false)
-      end
-      it 'halts #enterprise_protected! methods for the wrong scoped domain' do
-        expect(subject.new.enterprise_protected!('foo.com')).to be(false)
-      end
-      it 'halts #internal_protected! methods' do
-        expect(subject.new.internal_protected!).to be(false)
-      end
-      it 'halts #admin_protected! methods' do
-        expect(subject.new.admin_protected!).to be(false)
-      end
-    end
-  end
-  def encode(payload)
-    JWT.encode(
-      payload,
-      ENV['JWT_HMAC_SECRET'],
-      'HS256',
-    )
-  end
-end