RubyGems - osso - Versions diffs - 0.0.5.pre.zeta → 0.0.8 - Mend

osso 0.0.5.pre.zeta → 0.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (79) hide show

checksums.yaml +4 -4
data/.buildkite/pipeline.yml +6 -4
data/.github/dependabot.yml +8 -0
data/.github/workflows/automerge.yml +19 -0
data/.rubocop.yml +4 -1
data/Gemfile +2 -2
data/Gemfile.lock +69 -51
data/LICENSE +21 -23
data/Rakefile +2 -0
data/bin/annotate +3 -1
data/db/schema.rb +41 -3
data/lib/osso.rb +0 -1
data/lib/osso/db/migrate/20200929154117_add_users_count_to_identity_providers_and_enterprise_accounts.rb +6 -0
data/lib/osso/db/migrate/20201023142158_add_rodauth_tables.rb +47 -0
data/lib/osso/db/migrate/20201105122026_add_token_index_to_access_tokens.rb +5 -0
data/lib/osso/db/migrate/20201106154936_add_requested_to_authorization_codes_and_access_tokens.rb +6 -0
data/lib/osso/db/migrate/20201109160851_add_sso_issuer_to_identity_providers.rb +12 -0
data/lib/osso/db/migrate/20201110190754_remove_oauth_client_id_from_enterprise_accounts.rb +9 -0
data/lib/osso/db/migrate/20201112160120_add_ping_to_identity_provider_service_enum.rb +28 -0
data/lib/osso/db/migrate/20201125143501_add_salesforce_to_provider_service_enum.rb +28 -0
data/lib/osso/error/account_configuration_error.rb +1 -0
data/lib/osso/error/oauth_error.rb +6 -3
data/lib/osso/graphql/mutation.rb +2 -0
data/lib/osso/graphql/mutations.rb +2 -0
data/lib/osso/graphql/mutations/create_enterprise_account.rb +0 -7
data/lib/osso/graphql/mutations/create_identity_provider.rb +7 -6
data/lib/osso/graphql/mutations/delete_identity_provider.rb +24 -0
data/lib/osso/graphql/mutations/invite_admin_user.rb +43 -0
data/lib/osso/graphql/query.rb +8 -0
data/lib/osso/graphql/resolvers/enterprise_accounts.rb +3 -3
data/lib/osso/graphql/types.rb +2 -2
data/lib/osso/graphql/types/admin_user.rb +9 -0
data/lib/osso/graphql/types/base_object.rb +1 -1
data/lib/osso/graphql/types/enterprise_account.rb +1 -0
data/lib/osso/graphql/types/identity_provider.rb +3 -0
data/lib/osso/graphql/types/identity_provider_service.rb +3 -1
data/lib/osso/lib/app_config.rb +1 -1
data/lib/osso/lib/route_map.rb +0 -15
data/lib/osso/lib/saml_handler.rb +5 -0
data/lib/osso/models/access_token.rb +4 -2
data/lib/osso/models/account.rb +34 -0
data/lib/osso/models/authorization_code.rb +2 -1
data/lib/osso/models/enterprise_account.rb +3 -1
data/lib/osso/models/identity_provider.rb +24 -5
data/lib/osso/models/models.rb +1 -0
data/lib/osso/models/oauth_client.rb +0 -1
data/lib/osso/models/user.rb +2 -2
data/lib/osso/routes/admin.rb +39 -33
data/lib/osso/routes/auth.rb +9 -9
data/lib/osso/routes/oauth.rb +42 -18
data/lib/osso/version.rb +1 -1
data/lib/osso/views/admin.erb +5 -0
data/lib/osso/views/error.erb +1 -0
data/lib/osso/views/layout.erb +0 -0
data/lib/osso/views/multiple_providers.erb +1 -0
data/lib/osso/views/welcome.erb +0 -0
data/lib/tasks/bootstrap.rake +25 -4
data/osso-rb.gemspec +5 -0
data/spec/factories/account.rb +24 -0
data/spec/factories/enterprise_account.rb +11 -3
data/spec/factories/identity_providers.rb +10 -2
data/spec/factories/user.rb +4 -0
data/spec/graphql/mutations/configure_identity_provider_spec.rb +1 -1
data/spec/graphql/mutations/create_enterprise_account_spec.rb +0 -14
data/spec/graphql/mutations/create_identity_provider_spec.rb +59 -8
data/spec/graphql/query/identity_provider_spec.rb +3 -2
data/spec/models/enterprise_account_spec.rb +18 -0
data/spec/models/identity_provider_spec.rb +36 -1
data/spec/routes/admin_spec.rb +7 -41
data/spec/routes/auth_spec.rb +17 -18
data/spec/routes/oauth_spec.rb +102 -5
data/spec/spec_helper.rb +3 -3
data/spec/support/views/hosted_login.erb +1 -0
data/spec/support/views/layout.erb +1 -0
data/spec/support/views/multiple_providers.erb +1 -0
metadata +108 -7
data/lib/osso/helpers/auth.rb +0 -94
data/lib/osso/helpers/helpers.rb +0 -8
data/spec/helpers/auth_spec.rb +0 -97

data/spec/routes/admin_spec.rb CHANGED

@@ -3,56 +3,22 @@
 require 'spec_helper'
 describe Osso::Admin do
-  let(:jwt_url) { 'https://foo.com/jwt' }
-  let(:jwt_hmac_secret) { SecureRandom.hex(32) }
-  before do
-    ENV['JWT_URL'] = jwt_url
-    ENV['JWT_HMAC_SECRET'] = jwt_hmac_secret
-    described_class.set(:views, spec_views)
-  end
   describe 'get /admin' do
-    it 'redirects to JWT_URL without a session or token' do
+    it 'redirects to /login without a session' do
       get('/admin')
       expect(last_response).to be_redirect
       follow_redirect!
-      expect(last_request.url).to eq(jwt_url)
-    end
-    it 'redirects to JWT_URL with an invalid token' do
-      get('/admin', token: SecureRandom.hex(32))
-      expect(last_response).to be_redirect
-      follow_redirect!
-      expect(last_request.url).to eq(jwt_url)
+      expect(last_request.url).to match('/login')
     end
-    it 'chomps the token and redirects to request path with valid token' do
-      token = JWT.encode(
-        { email: 'admin@saas.com', scope: 'admin' },
-        jwt_hmac_secret,
-        'HS256',
-      )
-      get('/admin', { admin_token: token })
-      expect(last_response).to be_redirect
-      follow_redirect!
-      expect(last_request.url).to match('/admin')
-    end
+    xit 'renders the admin page for a valid session token' do
+      password = SecureRandom.urlsafe_base64(16)
+      account = create(:verified_account, password: password)
-    it 'renders the admin page for a valid session token' do
-      token = JWT.encode(
-        { email: 'admin@saas.com', scope: 'admin' },
-        jwt_hmac_secret,
-        'HS256',
-      )
+      post('/login', { email: account.email, password: password })
-      get('/admin', {}, 'rack.session' => { admin_token: token })
+      get('/admin')
       expect(last_response).to be_ok
     end

data/spec/routes/auth_spec.rb CHANGED

@@ -182,29 +182,28 @@ describe Osso::Auth do
       it 'raises an error when email is missing' do
         mock_saml_omniauth(email: nil, id: SecureRandom.uuid)
-          response = post(
-            "/auth/saml/#{azure_provider.id}/callback",
-            nil,
-            {
-              'omniauth.auth' => OmniAuth.config.mock_auth[:saml],
-            },
-          )
-          expect(response.body).to eq('Osso::Error::MissingSamlEmailAttributeError')
-        end
+        response = post(
+          "/auth/saml/#{azure_provider.id}/callback",
+          nil,
+          {
+            'omniauth.auth' => OmniAuth.config.mock_auth[:saml],
+          },
+        )
+        expect(response.body).to eq('Osso::Error::MissingSamlEmailAttributeError')
+      end
       it 'raises an error when id is missing' do
         mock_saml_omniauth(email: Faker::Internet.email, id: nil)
         response = post(
-            "/auth/saml/#{azure_provider.id}/callback",
-            nil,
-            {
-              'omniauth.auth' => OmniAuth.config.mock_auth[:saml],
-            },
-          )
+          "/auth/saml/#{azure_provider.id}/callback",
+          nil,
+          {
+            'omniauth.auth' => OmniAuth.config.mock_auth[:saml],
+          },
+        )
         expect(response.body).to eq('Osso::Error::MissingSamlIdAttributeError')
       end
     end

data/spec/routes/oauth_spec.rb CHANGED

@@ -3,15 +3,16 @@
 require 'spec_helper'
 describe Osso::Oauth do
+  before do
+    described_class.set(:views, spec_views)
+  end
   let(:client) { create(:oauth_client) }
   describe 'get /oauth/authorize' do
     describe 'with a valid client ID and redirect URI' do
       describe 'for a domain that does not belong to an enterprise' do
-        # TODO: better error handling and test
         it 'renders an error page' do
-          described_class.set(:views, spec_views)
           create(:enterprise_with_okta, domain: 'foo.com')
           get(
@@ -26,6 +27,20 @@ describe Osso::Oauth do
         end
       end
+      describe 'for a request without email or domain' do
+        it 'redirects to /auth/saml/:provider_id' do
+          get(
+            '/oauth/authorize',
+            client_id: client.identifier,
+            response_type: 'code',
+            redirect_uri: client.redirect_uri_values.sample,
+          )
+          expect(last_response).to be_ok
+          expect(last_response.body).to eq('HOSTED LOGIN')
+        end
+      end
       describe 'for an enterprise domain with one SAML provider' do
         it 'redirects to /auth/saml/:provider_id' do
           enterprise = create(:enterprise_with_okta, oauth_client: client)
@@ -48,7 +63,7 @@ describe Osso::Oauth do
       describe 'for an enterprise domain with multiple SAML providers' do
         it 'renders the multiple providers screen' do
-          enterprise = create(:enterprise_with_multiple_providers)
+          enterprise = create(:enterprise_with_multiple_providers, oauth_client: client)
           get(
             '/oauth/authorize',
@@ -59,6 +74,64 @@ describe Osso::Oauth do
           )
           expect(last_response).to be_ok
+          expect(last_response.body).to eq('MULITPLE PROVIDERS')
+        end
+      end
+      describe "for an existing user's email address" do
+        it 'redirects to /auth/saml/:provider_id' do
+          enterprise = create(:enterprise_with_okta, oauth_client: client)
+          provider_id = enterprise.identity_providers.first.id
+          user = create(:user, email: "user@#{enterprise.domain}", identity_provider_id: provider_id)
+          get(
+            '/oauth/authorize',
+            email: user.email,
+            client_id: client.identifier,
+            response_type: 'code',
+            redirect_uri: client.redirect_uri_values.sample,
+          )
+          expect(last_response).to be_redirect
+          follow_redirect!
+          expect(last_request.url).to match("auth/saml/#{provider_id}")
+        end
+      end
+      describe "for a new user's email address belonging to an enterprise with one SAML provider" do
+        it 'redirects to /auth/saml/:provider_id' do
+          enterprise = create(:enterprise_with_okta, oauth_client: client)
+          get(
+            '/oauth/authorize',
+            email: "user@#{enterprise.domain}",
+            client_id: client.identifier,
+            response_type: 'code',
+            redirect_uri: client.redirect_uri_values.sample,
+          )
+          provider_id = enterprise.identity_providers.first.id
+          expect(last_response).to be_redirect
+          follow_redirect!
+          expect(last_request.url).to match("auth/saml/#{provider_id}")
+        end
+      end
+      describe "for a new user's email address belonging to an enterprise with multiple SAML providers" do
+        it 'renders the multiple providers screen' do
+          enterprise = create(:enterprise_with_multiple_providers, oauth_client: client)
+          get(
+            '/oauth/authorize',
+            email: "user@#{enterprise.domain}",
+            client_id: client.identifier,
+            response_type: 'code',
+            redirect_uri: client.redirect_uri_values.sample,
+          )
+          expect(last_response).to be_ok
+          expect(last_response.body).to eq('MULITPLE PROVIDERS')
         end
       end
     end
@@ -90,7 +163,7 @@ describe Osso::Oauth do
   end
   describe 'get /oauth/me' do
-    describe 'with a valid unexpired access token' do
+    describe 'with a valid unexpired access token in params' do
       it 'returns the user' do
         user = create(:user)
         code = user.authorization_codes.valid.first
@@ -105,6 +178,30 @@ describe Osso::Oauth do
           email: user.email,
           id: user.id,
           idp: 'Okta',
+          requested: code.requested.symbolize_keys,
+        )
+      end
+    end
+    describe 'with a valid unexpired access token in headers' do
+      it 'returns the user' do
+        user = create(:user)
+        code = user.authorization_codes.valid.first
+        get(
+          '/oauth/me',
+          nil,
+          {
+            'HTTP_AUTHORIZATION' => "Bearer: #{code.access_token.to_bearer_token}",
+          },
+        )
+        expect(last_response.status).to eq(200)
+        expect(last_json_response).to eq(
+          email: user.email,
+          id: user.id,
+          idp: 'Okta',
+          requested: code.requested.symbolize_keys,
         )
       end
     end

data/spec/spec_helper.rb CHANGED

@@ -15,9 +15,9 @@ require 'webmock/rspec'
 ENV['RACK_ENV'] = 'test'
 ENV['SESSION_SECRET'] = 'supersecret'
 ENV['BASE_URL'] = 'https://example.com'
+ENV['RODAUTH_VIEWS'] = "#{File.dirname(__FILE__)}/support/views"
 require File.expand_path '../lib/osso.rb', __dir__
 require File.expand_path 'support/spec_app', __dir__
 module RSpecMixin
@@ -47,11 +47,11 @@ module RSpecMixin
   end
   def spec_views
-    File.dirname(__FILE__) + '/support/views'
+    "#{File.dirname(__FILE__)}/support/views"
   end
   def valid_x509_pem
-    raw = File.read(File.dirname(__FILE__) + '/support/fixtures/test.pem')
+    raw = File.read("#{File.dirname(__FILE__)}/support/fixtures/test.pem")
     OpenSSL::X509::Certificate.new(raw).to_pem
   end

data/spec/support/views/hosted_login.erb ADDED

	@@ -0,0 +1 @@
1	+ HOSTED LOGIN

data/spec/support/views/layout.erb ADDED

	@@ -0,0 +1 @@
1	+ <%= yield %>

data/spec/support/views/multiple_providers.erb CHANGED

	@@ -0,0 +1 @@
1	+ MULITPLE PROVIDERS

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: osso
 version: !ruby/object:Gem::Version
-  version: 0.0.5.pre.zeta
+  version: 0.0.8
 platform: ruby
 authors:
 - Sam Bauch
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-21 00:00:00.000000000 Z
+date: 2020-12-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -24,6 +24,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 6.0.3.2
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.13
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.13
 - !ruby/object:Gem::Dependency
   name: graphql
   requirement: !ruby/object:Gem::Requirement
@@ -52,6 +66,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: mail
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.7.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.7.1
 - !ruby/object:Gem::Dependency
   name: omniauth-multi-provider
   requirement: !ruby/object:Gem::Requirement
@@ -136,6 +164,60 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rodauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.6.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.6.0
+- !ruby/object:Gem::Dependency
+  name: sequel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.37'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.40'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.37'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.40'
+- !ruby/object:Gem::Dependency
+  name: sequel-activerecord_connection
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.3'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.3'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: sinatra
   requirement: !ruby/object:Gem::Requirement
@@ -235,6 +317,8 @@ files:
 - ".buildkite/hooks/pre-command"
 - ".buildkite/pipeline.yml"
 - ".buildkite/template.yml"
+- ".github/dependabot.yml"
+- ".github/workflows/automerge.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
@@ -273,6 +357,14 @@ files:
 - lib/osso/db/migrate/20200826201852_create_app_config.rb
 - lib/osso/db/migrate/20200913154919_add_one_login_to_identity_provider_service_enum.rb
 - lib/osso/db/migrate/20200916125543_add_google_to_identity_provider_service_enum.rb
+- lib/osso/db/migrate/20200929154117_add_users_count_to_identity_providers_and_enterprise_accounts.rb
+- lib/osso/db/migrate/20201023142158_add_rodauth_tables.rb
+- lib/osso/db/migrate/20201105122026_add_token_index_to_access_tokens.rb
+- lib/osso/db/migrate/20201106154936_add_requested_to_authorization_codes_and_access_tokens.rb
+- lib/osso/db/migrate/20201109160851_add_sso_issuer_to_identity_providers.rb
+- lib/osso/db/migrate/20201110190754_remove_oauth_client_id_from_enterprise_accounts.rb
+- lib/osso/db/migrate/20201112160120_add_ping_to_identity_provider_service_enum.rb
+- lib/osso/db/migrate/20201125143501_add_salesforce_to_provider_service_enum.rb
 - lib/osso/error/account_configuration_error.rb
 - lib/osso/error/error.rb
 - lib/osso/error/missing_saml_attribute_error.rb
@@ -287,7 +379,9 @@ files:
 - lib/osso/graphql/mutations/create_identity_provider.rb
 - lib/osso/graphql/mutations/create_oauth_client.rb
 - lib/osso/graphql/mutations/delete_enterprise_account.rb
+- lib/osso/graphql/mutations/delete_identity_provider.rb
 - lib/osso/graphql/mutations/delete_oauth_client.rb
+- lib/osso/graphql/mutations/invite_admin_user.rb
 - lib/osso/graphql/mutations/regenerate_oauth_credentials.rb
 - lib/osso/graphql/mutations/set_redirect_uris.rb
 - lib/osso/graphql/mutations/update_app_config.rb
@@ -313,13 +407,12 @@ files:
 - lib/osso/graphql/types/oauth_client.rb
 - lib/osso/graphql/types/redirect_uri.rb
 - lib/osso/graphql/types/redirect_uri_input.rb
-- lib/osso/helpers/auth.rb
-- lib/osso/helpers/helpers.rb
 - lib/osso/lib/app_config.rb
 - lib/osso/lib/oauth2_token.rb
 - lib/osso/lib/route_map.rb
 - lib/osso/lib/saml_handler.rb
 - lib/osso/models/access_token.rb
+- lib/osso/models/account.rb
 - lib/osso/models/app_config.rb
 - lib/osso/models/authorization_code.rb
 - lib/osso/models/enterprise_account.rb
@@ -334,8 +427,14 @@ files:
 - lib/osso/routes/oauth.rb
 - lib/osso/routes/routes.rb
 - lib/osso/version.rb
+- lib/osso/views/admin.erb
+- lib/osso/views/error.erb
+- lib/osso/views/layout.erb
+- lib/osso/views/multiple_providers.erb
+- lib/osso/views/welcome.erb
 - lib/tasks/bootstrap.rake
 - osso-rb.gemspec
+- spec/factories/account.rb
 - spec/factories/authorization_code.rb
 - spec/factories/enterprise_account.rb
 - spec/factories/identity_providers.rb
@@ -352,8 +451,8 @@ files:
 - spec/graphql/query/enterprise_accounts_spec.rb
 - spec/graphql/query/identity_provider_spec.rb
 - spec/graphql/query/oauth_clients_spec.rb
-- spec/helpers/auth_spec.rb
 - spec/lib/saml_handler_spec.rb
+- spec/models/enterprise_account_spec.rb
 - spec/models/identity_provider_spec.rb
 - spec/routes/admin_spec.rb
 - spec/routes/app_spec.rb
@@ -364,6 +463,8 @@ files:
 - spec/support/spec_app.rb
 - spec/support/views/admin.erb
 - spec/support/views/error.erb
+- spec/support/views/hosted_login.erb
+- spec/support/views/layout.erb
 - spec/support/views/multiple_providers.erb
 homepage: https://github.com/enterprise-oss/osso-rb
 licenses:
@@ -380,9 +481,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.3.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubygems_version: 3.0.3
 signing_key: