osso 0.0.6.alpha → 0.0.11
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.buildkite/pipeline.yml +3 -2
- data/.github/dependabot.yml +8 -0
- data/.github/workflows/automerge.yml +19 -0
- data/Gemfile +3 -3
- data/Gemfile.lock +62 -56
- data/Rakefile +3 -0
- data/bin/console +3 -0
- data/db/schema.rb +2 -2
- data/lib/osso.rb +1 -1
- data/lib/osso/db/migrate/20201125143501_add_salesforce_to_provider_service_enum.rb +28 -0
- data/lib/osso/graphql/mutations/configure_identity_provider.rb +4 -1
- data/lib/osso/graphql/mutations/create_enterprise_account.rb +4 -1
- data/lib/osso/graphql/mutations/create_identity_provider.rb +6 -1
- data/lib/osso/graphql/mutations/create_oauth_client.rb +4 -1
- data/lib/osso/graphql/mutations/delete_enterprise_account.rb +5 -1
- data/lib/osso/graphql/mutations/delete_identity_provider.rb +4 -1
- data/lib/osso/graphql/mutations/delete_oauth_client.rb +4 -1
- data/lib/osso/graphql/mutations/invite_admin_user.rb +6 -0
- data/lib/osso/graphql/mutations/regenerate_oauth_credentials.rb +4 -1
- data/lib/osso/graphql/mutations/set_redirect_uris.rb +2 -0
- data/lib/osso/graphql/mutations/update_app_config.rb +4 -1
- data/lib/osso/graphql/types/identity_provider_service.rb +1 -0
- data/lib/osso/lib/analytics.rb +55 -0
- data/lib/osso/lib/app_config.rb +1 -1
- data/lib/osso/models/identity_provider.rb +1 -0
- data/lib/osso/routes/admin.rb +39 -7
- data/lib/osso/routes/oauth.rb +10 -4
- data/lib/osso/version.rb +1 -1
- data/osso-rb.gemspec +4 -3
- data/spec/models/identity_provider_spec.rb +1 -0
- data/spec/routes/admin_spec.rb +27 -9
- data/spec/routes/oauth_spec.rb +14 -0
- data/spec/support/views/hosted_login.erb +1 -0
- metadata +51 -17
- data/lib/osso/helpers/auth.rb +0 -94
- data/lib/osso/helpers/helpers.rb +0 -8
- data/spec/routes/app_spec.rb +0 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f3def53429479fcc6f8174b8065830233e8437b3e6cd5e6a2647caa710622028
|
4
|
+
data.tar.gz: dbdaa671b3a6b2ca07e5d48ed247eefbdbe6bd06423247975821088aea097f45
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: '0391fb57427e5f417ee19f2566cda5e432834bff640d14516abdf54a716c401c6ed42559ed5f366855936e2f6d976f86e1c64c1bfd497f9b3443f8a54f240485'
|
7
|
+
data.tar.gz: 1bdc64d6943502b18f7801003131d379879bad62265bc80f4f5cd5c9547604d7fb60b35a174ce9875a1d5b13ef673535bed4566d14d5888de1552b40a9c0d26b
|
data/.buildkite/pipeline.yml
CHANGED
@@ -12,6 +12,7 @@ steps:
|
|
12
12
|
- coverage/*
|
13
13
|
|
14
14
|
- name: ":codeclimate:"
|
15
|
+
soft_fail: true
|
15
16
|
plugins:
|
16
17
|
- jobready/codeclimate-test-reporter#v2.0:
|
17
18
|
artifact: "coverage/.resultset.json"
|
@@ -19,8 +20,8 @@ steps:
|
|
19
20
|
prefix: '/var/lib/buildkite-agent/builds/enterprise-oss-bk-1/enterpriseoss/osso-rb/'
|
20
21
|
|
21
22
|
- block: ":rubygems: Publish :red_button:"
|
22
|
-
|
23
|
+
if: build.tag != null
|
23
24
|
|
24
25
|
- name: "Push :rubygems:"
|
25
26
|
commands: "./bin/publish"
|
26
|
-
|
27
|
+
if: build.tag != null
|
@@ -0,0 +1,19 @@
|
|
1
|
+
name: auto-merge
|
2
|
+
|
3
|
+
on:
|
4
|
+
pull_request:
|
5
|
+
|
6
|
+
jobs:
|
7
|
+
auto-approve:
|
8
|
+
runs-on: ubuntu-latest
|
9
|
+
steps:
|
10
|
+
- uses: actions/checkout@v2
|
11
|
+
- uses: ahmadnassri/action-dependabot-auto-merge@v2
|
12
|
+
with:
|
13
|
+
target: minor
|
14
|
+
github-token: ${{ secrets.TOKEN }}
|
15
|
+
- uses: hmarr/auto-approve-action@v2.0.0
|
16
|
+
if: github.actor == 'dependabot[bot]'
|
17
|
+
with:
|
18
|
+
github-token: "${{ secrets.TOKEN }}"
|
19
|
+
|
data/Gemfile
CHANGED
@@ -10,10 +10,10 @@ group :test do
|
|
10
10
|
gem 'faker'
|
11
11
|
gem 'pg'
|
12
12
|
gem 'rack-test'
|
13
|
-
gem 'rspec', '~> 3.
|
13
|
+
gem 'rspec', '~> 3.10'
|
14
14
|
gem 'rubocop'
|
15
|
-
gem 'simplecov', '
|
16
|
-
gem 'webmock', '~> 3.
|
15
|
+
gem 'simplecov', '0.21.1', require: false
|
16
|
+
gem 'webmock', '~> 3.11'
|
17
17
|
end
|
18
18
|
|
19
19
|
gemspec
|
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
osso (0.0.
|
4
|
+
osso (0.0.11)
|
5
5
|
activesupport (>= 6.0.3.2)
|
6
6
|
bcrypt (~> 3.1.13)
|
7
7
|
graphql
|
@@ -9,13 +9,14 @@ PATH
|
|
9
9
|
mail (~> 2.7.1)
|
10
10
|
omniauth-multi-provider
|
11
11
|
omniauth-saml
|
12
|
+
posthog-ruby
|
12
13
|
rack (>= 2.1.4)
|
13
14
|
rack-contrib
|
14
15
|
rack-oauth2
|
15
16
|
rake
|
16
|
-
rodauth (
|
17
|
-
sequel (
|
18
|
-
sequel-activerecord_connection (
|
17
|
+
rodauth (>= 2.6, < 2.8)
|
18
|
+
sequel (>= 5.37, < 5.41)
|
19
|
+
sequel-activerecord_connection (>= 0.3, < 2.0)
|
19
20
|
sinatra
|
20
21
|
sinatra-activerecord
|
21
22
|
sinatra-contrib
|
@@ -23,20 +24,22 @@ PATH
|
|
23
24
|
GEM
|
24
25
|
remote: https://rubygems.org/
|
25
26
|
specs:
|
26
|
-
activemodel (6.0
|
27
|
-
activesupport (= 6.0
|
28
|
-
activerecord (6.0
|
29
|
-
activemodel (= 6.0
|
30
|
-
activesupport (= 6.0
|
31
|
-
activesupport (6.0
|
27
|
+
activemodel (6.1.0)
|
28
|
+
activesupport (= 6.1.0)
|
29
|
+
activerecord (6.1.0)
|
30
|
+
activemodel (= 6.1.0)
|
31
|
+
activesupport (= 6.1.0)
|
32
|
+
activesupport (6.1.0)
|
32
33
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
33
|
-
i18n (>=
|
34
|
-
minitest (
|
35
|
-
tzinfo (~>
|
36
|
-
zeitwerk (~> 2.
|
34
|
+
i18n (>= 1.6, < 2)
|
35
|
+
minitest (>= 5.1)
|
36
|
+
tzinfo (~> 2.0)
|
37
|
+
zeitwerk (~> 2.3)
|
37
38
|
addressable (2.7.0)
|
38
39
|
public_suffix (>= 2.0.2, < 5.0)
|
39
40
|
aes_key_wrap (1.1.0)
|
41
|
+
after_commit_everywhere (0.1.5)
|
42
|
+
activerecord (>= 4.2)
|
40
43
|
annotate (3.1.1)
|
41
44
|
activerecord (>= 3.2, < 7.0)
|
42
45
|
rake (>= 10.4, < 14.0)
|
@@ -52,10 +55,10 @@ GEM
|
|
52
55
|
activerecord
|
53
56
|
database_cleaner (~> 1.8.0)
|
54
57
|
diff-lcs (1.4.4)
|
55
|
-
docile (1.3.
|
58
|
+
docile (1.3.4)
|
56
59
|
factory_bot (6.1.0)
|
57
60
|
activesupport (>= 5.0.0)
|
58
|
-
faker (2.
|
61
|
+
faker (2.15.1)
|
59
62
|
i18n (>= 1.6, < 2)
|
60
63
|
graphql (1.11.6)
|
61
64
|
hashdiff (1.0.1)
|
@@ -63,7 +66,6 @@ GEM
|
|
63
66
|
httpclient (2.8.3)
|
64
67
|
i18n (1.8.5)
|
65
68
|
concurrent-ruby (~> 1.0)
|
66
|
-
json (2.3.1)
|
67
69
|
json-jwt (1.13.0)
|
68
70
|
activesupport (>= 4.2)
|
69
71
|
aes_key_wrap
|
@@ -73,13 +75,14 @@ GEM
|
|
73
75
|
mini_mime (>= 0.1.1)
|
74
76
|
method_source (1.0.0)
|
75
77
|
mini_mime (1.0.2)
|
76
|
-
mini_portile2 (2.
|
78
|
+
mini_portile2 (2.5.0)
|
77
79
|
minitest (5.14.2)
|
78
80
|
multi_json (1.15.0)
|
79
81
|
mustermann (1.1.1)
|
80
82
|
ruby2_keywords (~> 0.0.1)
|
81
|
-
nokogiri (1.
|
82
|
-
mini_portile2 (~> 2.
|
83
|
+
nokogiri (1.11.1)
|
84
|
+
mini_portile2 (~> 2.5.0)
|
85
|
+
racc (~> 1.4)
|
83
86
|
omniauth (1.9.1)
|
84
87
|
hashie (>= 3.4.6)
|
85
88
|
rack (>= 1.6.2, < 3)
|
@@ -88,16 +91,18 @@ GEM
|
|
88
91
|
omniauth-saml (1.10.3)
|
89
92
|
omniauth (~> 1.3, >= 1.3.2)
|
90
93
|
ruby-saml (~> 1.9)
|
91
|
-
parallel (1.
|
92
|
-
parser (
|
94
|
+
parallel (1.20.1)
|
95
|
+
parser (3.0.0.0)
|
93
96
|
ast (~> 2.4.1)
|
94
97
|
pg (1.2.3)
|
98
|
+
posthog-ruby (1.1.0)
|
95
99
|
pry (0.13.1)
|
96
100
|
coderay (~> 1.1)
|
97
101
|
method_source (~> 1.0)
|
98
102
|
public_suffix (4.0.6)
|
103
|
+
racc (1.5.2)
|
99
104
|
rack (2.2.3)
|
100
|
-
rack-contrib (2.
|
105
|
+
rack-contrib (2.3.0)
|
101
106
|
rack (~> 2.0)
|
102
107
|
rack-oauth2 (1.16.0)
|
103
108
|
activesupport
|
@@ -110,51 +115,53 @@ GEM
|
|
110
115
|
rack-test (1.1.0)
|
111
116
|
rack (>= 1.0, < 3)
|
112
117
|
rainbow (3.0.0)
|
113
|
-
rake (13.0.
|
114
|
-
regexp_parser (
|
118
|
+
rake (13.0.3)
|
119
|
+
regexp_parser (2.0.2)
|
115
120
|
rexml (3.2.4)
|
116
|
-
roda (3.
|
121
|
+
roda (3.39.0)
|
117
122
|
rack
|
118
|
-
rodauth (2.
|
123
|
+
rodauth (2.7.0)
|
119
124
|
roda (>= 2.6.0)
|
120
125
|
sequel (>= 4)
|
121
|
-
rspec (3.
|
122
|
-
rspec-core (~> 3.
|
123
|
-
rspec-expectations (~> 3.
|
124
|
-
rspec-mocks (~> 3.
|
125
|
-
rspec-core (3.
|
126
|
-
rspec-support (~> 3.
|
127
|
-
rspec-expectations (3.
|
126
|
+
rspec (3.10.0)
|
127
|
+
rspec-core (~> 3.10.0)
|
128
|
+
rspec-expectations (~> 3.10.0)
|
129
|
+
rspec-mocks (~> 3.10.0)
|
130
|
+
rspec-core (3.10.0)
|
131
|
+
rspec-support (~> 3.10.0)
|
132
|
+
rspec-expectations (3.10.0)
|
128
133
|
diff-lcs (>= 1.2.0, < 2.0)
|
129
|
-
rspec-support (~> 3.
|
130
|
-
rspec-mocks (3.
|
134
|
+
rspec-support (~> 3.10.0)
|
135
|
+
rspec-mocks (3.10.0)
|
131
136
|
diff-lcs (>= 1.2.0, < 2.0)
|
132
|
-
rspec-support (~> 3.
|
133
|
-
rspec-support (3.
|
134
|
-
rubocop (1.
|
137
|
+
rspec-support (~> 3.10.0)
|
138
|
+
rspec-support (3.10.0)
|
139
|
+
rubocop (1.7.0)
|
135
140
|
parallel (~> 1.10)
|
136
141
|
parser (>= 2.7.1.5)
|
137
142
|
rainbow (>= 2.2.2, < 4.0)
|
138
|
-
regexp_parser (>= 1.8)
|
143
|
+
regexp_parser (>= 1.8, < 3.0)
|
139
144
|
rexml
|
140
|
-
rubocop-ast (>= 1.0.
|
145
|
+
rubocop-ast (>= 1.2.0, < 2.0)
|
141
146
|
ruby-progressbar (~> 1.7)
|
142
147
|
unicode-display_width (>= 1.4.0, < 2.0)
|
143
|
-
rubocop-ast (1.
|
148
|
+
rubocop-ast (1.3.0)
|
144
149
|
parser (>= 2.7.1.5)
|
145
150
|
ruby-progressbar (1.10.1)
|
146
151
|
ruby-saml (1.11.0)
|
147
152
|
nokogiri (>= 1.5.10)
|
148
153
|
ruby2_keywords (0.0.2)
|
149
|
-
sequel (5.
|
150
|
-
sequel-activerecord_connection (
|
154
|
+
sequel (5.39.0)
|
155
|
+
sequel-activerecord_connection (1.2.0)
|
151
156
|
activerecord (>= 4.2, < 7)
|
157
|
+
after_commit_everywhere (~> 0.1.5)
|
152
158
|
sequel (~> 5.16)
|
153
|
-
simplecov (0.
|
159
|
+
simplecov (0.21.1)
|
154
160
|
docile (~> 1.1)
|
155
|
-
|
156
|
-
|
157
|
-
simplecov-html (0.
|
161
|
+
simplecov-html (~> 0.11)
|
162
|
+
simplecov_json_formatter (~> 0.1)
|
163
|
+
simplecov-html (0.12.3)
|
164
|
+
simplecov_json_formatter (0.1.2)
|
158
165
|
sinatra (2.1.0)
|
159
166
|
mustermann (~> 1.0)
|
160
167
|
rack (~> 2.2)
|
@@ -169,16 +176,15 @@ GEM
|
|
169
176
|
rack-protection (= 2.1.0)
|
170
177
|
sinatra (= 2.1.0)
|
171
178
|
tilt (~> 2.0)
|
172
|
-
thread_safe (0.3.6)
|
173
179
|
tilt (2.0.10)
|
174
|
-
tzinfo (
|
175
|
-
|
180
|
+
tzinfo (2.0.3)
|
181
|
+
concurrent-ruby (~> 1.0)
|
176
182
|
unicode-display_width (1.7.0)
|
177
|
-
webmock (3.
|
183
|
+
webmock (3.11.0)
|
178
184
|
addressable (>= 2.3.6)
|
179
185
|
crack (>= 0.3.2)
|
180
186
|
hashdiff (>= 0.4.0, < 2.0.0)
|
181
|
-
zeitwerk (2.4.
|
187
|
+
zeitwerk (2.4.2)
|
182
188
|
|
183
189
|
PLATFORMS
|
184
190
|
ruby
|
@@ -193,10 +199,10 @@ DEPENDENCIES
|
|
193
199
|
pg
|
194
200
|
pry
|
195
201
|
rack-test
|
196
|
-
rspec (~> 3.
|
202
|
+
rspec (~> 3.10)
|
197
203
|
rubocop
|
198
|
-
simplecov (= 0.
|
199
|
-
webmock (~> 3.
|
204
|
+
simplecov (= 0.21.1)
|
205
|
+
webmock (~> 3.11)
|
200
206
|
|
201
207
|
BUNDLED WITH
|
202
208
|
2.1.4
|
data/Rakefile
CHANGED
data/bin/console
CHANGED
data/db/schema.rb
CHANGED
@@ -10,7 +10,7 @@
|
|
10
10
|
#
|
11
11
|
# It's strongly recommended that you check this file into your version control system.
|
12
12
|
|
13
|
-
ActiveRecord::Schema.define(version:
|
13
|
+
ActiveRecord::Schema.define(version: 2020_11_25_143501) do
|
14
14
|
|
15
15
|
# These are extensions that must be enabled in order to support this database
|
16
16
|
enable_extension "citext"
|
@@ -57,7 +57,7 @@ ActiveRecord::Schema.define(version: 2020_11_12_160120) do
|
|
57
57
|
t.citext "email", null: false
|
58
58
|
t.integer "status_id", default: 1, null: false
|
59
59
|
t.string "role", default: "admin", null: false
|
60
|
-
t.
|
60
|
+
t.string "oauth_client_id"
|
61
61
|
t.index ["email"], name: "index_accounts_on_email", unique: true, where: "(status_id = ANY (ARRAY[1, 2]))"
|
62
62
|
t.index ["oauth_client_id"], name: "index_accounts_on_oauth_client_id"
|
63
63
|
end
|
data/lib/osso.rb
CHANGED
@@ -0,0 +1,28 @@
|
|
1
|
+
class AddSalesforceToProviderServiceEnum < ActiveRecord::Migration[6.0]
|
2
|
+
disable_ddl_transaction!
|
3
|
+
|
4
|
+
def up
|
5
|
+
execute <<-SQL
|
6
|
+
ALTER TYPE identity_provider_service ADD VALUE 'SALESFORCE';
|
7
|
+
SQL
|
8
|
+
end
|
9
|
+
|
10
|
+
def down
|
11
|
+
execute <<~SQL
|
12
|
+
CREATE TYPE identity_provider_service_new AS ENUM ('AZURE', 'OKTA', 'ONELOGIN', 'GOOGLE', 'PING');
|
13
|
+
|
14
|
+
-- Remove values that won't be compatible with new definition
|
15
|
+
DELETE FROM identity_providers WHERE service = 'SALESFORCE';
|
16
|
+
|
17
|
+
-- Convert to new type, casting via text representation
|
18
|
+
ALTER TABLE identity_providers
|
19
|
+
ALTER COLUMN service TYPE identity_provider_service_new
|
20
|
+
USING (service::text::identity_provider_service_new);
|
21
|
+
|
22
|
+
-- and swap the types
|
23
|
+
DROP TYPE identity_provider_service;
|
24
|
+
|
25
|
+
ALTER TYPE identity_provider_service_new RENAME TO identity_provider_service;
|
26
|
+
SQL
|
27
|
+
end
|
28
|
+
end
|
@@ -15,7 +15,10 @@ module Osso
|
|
15
15
|
def resolve(**args)
|
16
16
|
provider = identity_provider(**args)
|
17
17
|
|
18
|
-
|
18
|
+
if provider.update(args)
|
19
|
+
Osso::Analytics.capture(email: context[:email], event: self.class.name.demodulize, properties: args)
|
20
|
+
return response_data(identity_provider: provider)
|
21
|
+
end
|
19
22
|
|
20
23
|
response_error(provider.errors)
|
21
24
|
end
|
@@ -15,7 +15,10 @@ module Osso
|
|
15
15
|
def resolve(**args)
|
16
16
|
enterprise_account = Osso::Models::EnterpriseAccount.new(args)
|
17
17
|
|
18
|
-
|
18
|
+
if enterprise_account.save
|
19
|
+
Osso::Analytics.capture(email: context[:email], event: self.class.name.demodulize, properties: args)
|
20
|
+
return response_data(enterprise_account: enterprise_account)
|
21
|
+
end
|
19
22
|
|
20
23
|
response_error(enterprise_account.errors)
|
21
24
|
end
|
@@ -22,7 +22,12 @@ module Osso
|
|
22
22
|
oauth_client_id: oauth_client_id,
|
23
23
|
)
|
24
24
|
|
25
|
-
|
25
|
+
if identity_provider.save
|
26
|
+
Osso::Analytics.capture(email: context[:email], event: self.class.name.demodulize, properties: {
|
27
|
+
service: service, enterprise_account_id: enterprise_account_id, oauth_client_id: oauth_client_id
|
28
|
+
})
|
29
|
+
return response_data(identity_provider: identity_provider)
|
30
|
+
end
|
26
31
|
|
27
32
|
response_error(identity_provider.errors)
|
28
33
|
end
|
@@ -14,7 +14,10 @@ module Osso
|
|
14
14
|
def resolve(**args)
|
15
15
|
oauth_client = Osso::Models::OauthClient.new(args)
|
16
16
|
|
17
|
-
|
17
|
+
if oauth_client.save
|
18
|
+
Osso::Analytics.capture(email: context[:email], event: self.class.name.demodulize, properties: args)
|
19
|
+
return response_data(oauth_client: oauth_client)
|
20
|
+
end
|
18
21
|
|
19
22
|
response_error(oauth_client.errors)
|
20
23
|
end
|
@@ -18,7 +18,11 @@ module Osso
|
|
18
18
|
def resolve(**args)
|
19
19
|
customer = enterprise_account(**args)
|
20
20
|
|
21
|
-
|
21
|
+
if customer.destroy
|
22
|
+
Osso::Analytics.capture(email: context[:email], event: self.class.name.demodulize, properties: args)
|
23
|
+
return response_data(enterprise_account: nil)
|
24
|
+
end
|
25
|
+
|
22
26
|
|
23
27
|
response_error(customer.errors)
|
24
28
|
end
|
@@ -14,7 +14,10 @@ module Osso
|
|
14
14
|
def resolve(id:)
|
15
15
|
identity_provider = Osso::Models::IdentityProvider.find(id)
|
16
16
|
|
17
|
-
|
17
|
+
if identity_provider.destroy
|
18
|
+
Osso::Analytics.capture(email: context[:email], event: self.class.name.demodulize, properties: { id: id })
|
19
|
+
return response_data(identity_provider: nil)
|
20
|
+
end
|
18
21
|
|
19
22
|
response_error(identity_provider.errors)
|
20
23
|
end
|
@@ -14,7 +14,10 @@ module Osso
|
|
14
14
|
def resolve(id:)
|
15
15
|
oauth_client = Osso::Models::OauthClient.find(id)
|
16
16
|
|
17
|
-
|
17
|
+
if oauth_client.destroy
|
18
|
+
Osso::Analytics.capture(email: context[:email], event: self.class.name.demodulize, properties: { id: id })
|
19
|
+
return response_data(oauth_client: nil)
|
20
|
+
end
|
18
21
|
|
19
22
|
response_error(oauth_client.errors)
|
20
23
|
end
|
@@ -23,6 +23,12 @@ module Osso
|
|
23
23
|
if admin_user.save
|
24
24
|
verify_user(email)
|
25
25
|
|
26
|
+
Osso::Analytics.capture(email: context[:email], event: self.class.name.demodulize, properties: {
|
27
|
+
invited_email: email,
|
28
|
+
invited_role: role,
|
29
|
+
invited_oauth_client_id: oauth_client_id,
|
30
|
+
})
|
31
|
+
|
26
32
|
return response_data(admin_user: admin_user)
|
27
33
|
end
|
28
34
|
|
@@ -15,7 +15,10 @@ module Osso
|
|
15
15
|
oauth_client = Osso::Models::OauthClient.find(id)
|
16
16
|
oauth_client.regenerate_secrets!
|
17
17
|
|
18
|
-
|
18
|
+
if oauth_client.save
|
19
|
+
Osso::Analytics.capture(email: context[:email], event: self.class.name.demodulize, properties: { oauth_client_id: id })
|
20
|
+
return response_data(oauth_client: oauth_client)
|
21
|
+
end
|
19
22
|
|
20
23
|
response_error(oauth_client.errors)
|
21
24
|
end
|
@@ -18,6 +18,8 @@ module Osso
|
|
18
18
|
update_existing(oauth_client, redirect_uris)
|
19
19
|
create_new(oauth_client, redirect_uris)
|
20
20
|
|
21
|
+
Osso::Analytics.capture(email: context[:email], event: self.class.name.demodulize, properties: redirect_uris)
|
22
|
+
|
21
23
|
response_data(oauth_client: oauth_client.reload)
|
22
24
|
rescue StandardError => e
|
23
25
|
response_error(e)
|
@@ -15,7 +15,10 @@ module Osso
|
|
15
15
|
|
16
16
|
def resolve(**args)
|
17
17
|
app_config = Osso::Models::AppConfig.find
|
18
|
-
|
18
|
+
if app_config.update(**args)
|
19
|
+
Osso::Analytics.capture(email: context[:email], event: self.class.name.demodulize, properties: args)
|
20
|
+
return response_data(app_config: app_config)
|
21
|
+
end
|
19
22
|
|
20
23
|
response_error(app_config.errors)
|
21
24
|
end
|
@@ -9,6 +9,7 @@ module Osso
|
|
9
9
|
value('OKTA', 'Okta Identity Provider', value: 'OKTA')
|
10
10
|
value('ONELOGIN', 'OneLogin Identity Provider', value: 'ONELOGIN')
|
11
11
|
value('PING', 'PingID Identity Provider', value: 'PING')
|
12
|
+
value('SALESFORCE', 'Salesforce Identity Provider', value: 'SALESFORCE')
|
12
13
|
end
|
13
14
|
end
|
14
15
|
end
|
@@ -0,0 +1,55 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'posthog-ruby'
|
4
|
+
|
5
|
+
module Osso
|
6
|
+
# Osso::Analytics provides an interface to track product analytics for any provider.
|
7
|
+
# Osso recommends PostHog as an open source solution for your product analytics needs.
|
8
|
+
# If you want to use another product analytics provider, you can patch the Osso::Analytics
|
9
|
+
# class yourself in your parent application. Be sure to implement the public
|
10
|
+
# .identify and .capture class methods with the required method signatures and require
|
11
|
+
# your class after requiring Osso.
|
12
|
+
class Analytics
|
13
|
+
class << self
|
14
|
+
def identify(email:, properties: {})
|
15
|
+
return unless configured?
|
16
|
+
|
17
|
+
client.identify({
|
18
|
+
distinct_id: email,
|
19
|
+
properties: properties.merge(instance_properties),
|
20
|
+
})
|
21
|
+
end
|
22
|
+
|
23
|
+
def capture(email:, event:, properties: {})
|
24
|
+
return unless configured?
|
25
|
+
|
26
|
+
client.capture(
|
27
|
+
distinct_id: email,
|
28
|
+
event: event,
|
29
|
+
properties: properties.merge(instance_properties),
|
30
|
+
)
|
31
|
+
end
|
32
|
+
|
33
|
+
private
|
34
|
+
|
35
|
+
def configured?
|
36
|
+
ENV['POSTHOG_API_KEY'].present?
|
37
|
+
end
|
38
|
+
|
39
|
+
def client
|
40
|
+
@client ||= PostHog::Client.new({
|
41
|
+
api_key: ENV['POSTHOG_API_KEY'],
|
42
|
+
api_host: ENV['POSTHOG_HOST'],
|
43
|
+
on_error: Proc.new { |status, msg| print msg }
|
44
|
+
})
|
45
|
+
end
|
46
|
+
|
47
|
+
def instance_properties
|
48
|
+
{
|
49
|
+
instance_url: ENV['BASE_URL'],
|
50
|
+
osso_plan: ENV['OSSO_PLAN'],
|
51
|
+
}
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
data/lib/osso/lib/app_config.rb
CHANGED
@@ -7,7 +7,7 @@ module Osso
|
|
7
7
|
def self.included(klass)
|
8
8
|
klass.class_eval do
|
9
9
|
use Rack::JSONBodyParser
|
10
|
-
use Rack::Session::Cookie, secret: ENV
|
10
|
+
use Rack::Session::Cookie, secret: ENV.fetch('SESSION_SECRET')
|
11
11
|
|
12
12
|
error ActiveRecord::RecordNotFound do
|
13
13
|
status 404
|
data/lib/osso/routes/admin.rb
CHANGED
@@ -8,18 +8,47 @@ DEFAULT_VIEWS_DIR = File.join(File.expand_path(Bundler.root), 'views/rodauth')
|
|
8
8
|
module Osso
|
9
9
|
class Admin < Roda
|
10
10
|
DB = Sequel.postgres(extensions: :activerecord_connection)
|
11
|
-
use Rack::Session::Cookie, secret: ENV
|
12
|
-
|
11
|
+
use Rack::Session::Cookie, secret: ENV.fetch('SESSION_SECRET')
|
12
|
+
|
13
|
+
plugin :json
|
13
14
|
plugin :middleware
|
14
15
|
plugin :render, engine: 'erb', views: ENV['RODAUTH_VIEWS'] || DEFAULT_VIEWS_DIR
|
15
16
|
plugin :route_csrf
|
16
17
|
|
17
18
|
plugin :rodauth do
|
18
|
-
enable :login, :verify_account
|
19
|
+
enable :login, :verify_account, :jwt
|
20
|
+
|
21
|
+
base_uri = URI.parse(ENV.fetch('BASE_URL'))
|
22
|
+
base_url base_uri
|
23
|
+
domain base_uri.host
|
24
|
+
|
25
|
+
jwt_secret ENV.fetch('SESSION_SECRET')
|
26
|
+
only_json? false
|
27
|
+
|
28
|
+
email_from { "Osso <no-reply@#{domain}>" }
|
19
29
|
verify_account_set_password? true
|
20
|
-
already_logged_in { redirect login_redirect }
|
21
30
|
use_database_authentication_functions? false
|
22
31
|
|
32
|
+
after_login do
|
33
|
+
Osso::Analytics.identify(email: account[:email], properties: account)
|
34
|
+
end
|
35
|
+
|
36
|
+
verify_account_view do
|
37
|
+
render :admin
|
38
|
+
end
|
39
|
+
|
40
|
+
login_view do
|
41
|
+
render :admin
|
42
|
+
end
|
43
|
+
|
44
|
+
verify_account_email_subject do
|
45
|
+
DB[:accounts].one? ? 'Your Osso instance is ready' : 'You\'ve been invited to start using Osso'
|
46
|
+
end
|
47
|
+
|
48
|
+
verify_account_email_body do
|
49
|
+
DB[:accounts].one? ? render('verify-first-account-email') : render('verify-account-email')
|
50
|
+
end
|
51
|
+
|
23
52
|
before_create_account_route do
|
24
53
|
request.halt unless DB[:accounts].empty?
|
25
54
|
end
|
@@ -31,13 +60,16 @@ module Osso
|
|
31
60
|
r.rodauth
|
32
61
|
|
33
62
|
def current_account
|
34
|
-
Osso::Models::Account.find(
|
35
|
-
|
63
|
+
Osso::Models::Account.find(
|
64
|
+
rodauth.
|
65
|
+
session.
|
66
|
+
to_hash.
|
67
|
+
stringify_keys['account_id']
|
68
|
+
).context.
|
36
69
|
merge({ rodauth: rodauth })
|
37
70
|
end
|
38
71
|
|
39
72
|
r.on 'admin' do
|
40
|
-
rodauth.require_authentication
|
41
73
|
erb :admin, layout: false
|
42
74
|
end
|
43
75
|
|
data/lib/osso/routes/oauth.rb
CHANGED
@@ -16,13 +16,14 @@ module Osso
|
|
16
16
|
# Once they complete IdP login, they will be returned to the
|
17
17
|
# redirect_uri with an authorization code parameter.
|
18
18
|
get '/authorize' do
|
19
|
-
identity_providers = find_providers
|
20
|
-
|
21
19
|
validate_oauth_request(env)
|
22
20
|
|
23
|
-
|
21
|
+
return erb :hosted_login if render_hosted_login?
|
22
|
+
|
23
|
+
@providers = find_providers
|
24
|
+
|
25
|
+
redirect "/auth/saml/#{@providers.first.id}" if @providers.one?
|
24
26
|
|
25
|
-
@providers = identity_providers.not_pending
|
26
27
|
return erb :multiple_providers if @providers.count > 1
|
27
28
|
|
28
29
|
raise Osso::Error::MissingConfiguredIdentityProvider.new(domain: params[:domain])
|
@@ -61,6 +62,10 @@ module Osso
|
|
61
62
|
|
62
63
|
private
|
63
64
|
|
65
|
+
def render_hosted_login?
|
66
|
+
[params[:email], params[:domain]].all?(&:nil?)
|
67
|
+
end
|
68
|
+
|
64
69
|
def find_providers
|
65
70
|
if params[:email]
|
66
71
|
user = Osso::Models::User.
|
@@ -71,6 +76,7 @@ module Osso
|
|
71
76
|
|
72
77
|
Osso::Models::IdentityProvider.
|
73
78
|
joins(:oauth_client).
|
79
|
+
not_pending.
|
74
80
|
where(
|
75
81
|
domain: domain_from_params,
|
76
82
|
oauth_clients: { identifier: params[:client_id] },
|
data/lib/osso/version.rb
CHANGED
data/osso-rb.gemspec
CHANGED
@@ -22,13 +22,14 @@ Gem::Specification.new do |spec|
|
|
22
22
|
spec.add_runtime_dependency 'mail', '~> 2.7.1'
|
23
23
|
spec.add_runtime_dependency 'omniauth-multi-provider'
|
24
24
|
spec.add_runtime_dependency 'omniauth-saml'
|
25
|
+
spec.add_runtime_dependency 'posthog-ruby'
|
25
26
|
spec.add_runtime_dependency 'rack', '>= 2.1.4'
|
26
27
|
spec.add_runtime_dependency 'rack-contrib'
|
27
28
|
spec.add_runtime_dependency 'rack-oauth2'
|
28
29
|
spec.add_runtime_dependency 'rake'
|
29
|
-
spec.add_runtime_dependency 'rodauth', '
|
30
|
-
spec.add_runtime_dependency 'sequel', '
|
31
|
-
spec.add_runtime_dependency 'sequel-activerecord_connection', '
|
30
|
+
spec.add_runtime_dependency 'rodauth', '>= 2.6', '< 2.8'
|
31
|
+
spec.add_runtime_dependency 'sequel', '>= 5.37', '< 5.41'
|
32
|
+
spec.add_runtime_dependency 'sequel-activerecord_connection', '>= 0.3', '< 2.0'
|
32
33
|
spec.add_runtime_dependency 'sinatra'
|
33
34
|
spec.add_runtime_dependency 'sinatra-activerecord'
|
34
35
|
spec.add_runtime_dependency 'sinatra-contrib'
|
data/spec/routes/admin_spec.rb
CHANGED
@@ -4,23 +4,41 @@ require 'spec_helper'
|
|
4
4
|
|
5
5
|
describe Osso::Admin do
|
6
6
|
describe 'get /admin' do
|
7
|
-
it '
|
7
|
+
it 'renders the admin layout' do
|
8
8
|
get('/admin')
|
9
9
|
|
10
|
-
expect(last_response).to
|
11
|
-
follow_redirect!
|
12
|
-
expect(last_request.url).to match('/login')
|
10
|
+
expect(last_response).to be_ok
|
13
11
|
end
|
12
|
+
end
|
14
13
|
|
15
|
-
|
16
|
-
|
17
|
-
account = create(:verified_account, password: password)
|
14
|
+
describe 'post /graphql' do
|
15
|
+
let(:account) { create(:account) }
|
18
16
|
|
19
|
-
|
17
|
+
it 'runs a GraphQL query with a valid jwt' do
|
18
|
+
allow_any_instance_of(described_class.rodauth).to receive(:logged_in?).and_return(true)
|
19
|
+
allow(Osso::Models::Account).to receive(:find).and_return(account)
|
20
|
+
allow(Osso::GraphQL::Schema).to receive(:execute).and_return({graphql: true})
|
20
21
|
|
21
|
-
|
22
|
+
header 'Content-Type', 'application/json'
|
23
|
+
post("/graphql")
|
22
24
|
|
23
25
|
expect(last_response).to be_ok
|
26
|
+
expect(last_json_response).to eq({graphql: true})
|
27
|
+
end
|
28
|
+
|
29
|
+
it 'returns a 400 for an invalid jwt' do
|
30
|
+
header 'Content-Type', 'application/json'
|
31
|
+
header 'Authorization', 'Bearer bad-token'
|
32
|
+
post("/graphql")
|
33
|
+
|
34
|
+
expect(last_response.status).to eq 400
|
35
|
+
end
|
36
|
+
|
37
|
+
it 'returns a 401 without a jwt' do
|
38
|
+
header 'Content-Type', 'application/json'
|
39
|
+
post("/graphql")
|
40
|
+
|
41
|
+
expect(last_response.status).to eq 401
|
24
42
|
end
|
25
43
|
end
|
26
44
|
end
|
data/spec/routes/oauth_spec.rb
CHANGED
@@ -27,6 +27,20 @@ describe Osso::Oauth do
|
|
27
27
|
end
|
28
28
|
end
|
29
29
|
|
30
|
+
describe 'for a request without email or domain' do
|
31
|
+
it 'redirects to /auth/saml/:provider_id' do
|
32
|
+
get(
|
33
|
+
'/oauth/authorize',
|
34
|
+
client_id: client.identifier,
|
35
|
+
response_type: 'code',
|
36
|
+
redirect_uri: client.redirect_uri_values.sample,
|
37
|
+
)
|
38
|
+
|
39
|
+
expect(last_response).to be_ok
|
40
|
+
expect(last_response.body).to eq('HOSTED LOGIN')
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
30
44
|
describe 'for an enterprise domain with one SAML provider' do
|
31
45
|
it 'redirects to /auth/saml/:provider_id' do
|
32
46
|
enterprise = create(:enterprise_with_okta, oauth_client: client)
|
@@ -0,0 +1 @@
|
|
1
|
+
HOSTED LOGIN
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: osso
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.11
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sam Bauch
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-01-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -108,6 +108,20 @@ dependencies:
|
|
108
108
|
- - ">="
|
109
109
|
- !ruby/object:Gem::Version
|
110
110
|
version: '0'
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: posthog-ruby
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - ">="
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '0'
|
118
|
+
type: :runtime
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - ">="
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '0'
|
111
125
|
- !ruby/object:Gem::Dependency
|
112
126
|
name: rack
|
113
127
|
requirement: !ruby/object:Gem::Requirement
|
@@ -168,44 +182,62 @@ dependencies:
|
|
168
182
|
name: rodauth
|
169
183
|
requirement: !ruby/object:Gem::Requirement
|
170
184
|
requirements:
|
171
|
-
- - "
|
185
|
+
- - ">="
|
186
|
+
- !ruby/object:Gem::Version
|
187
|
+
version: '2.6'
|
188
|
+
- - "<"
|
172
189
|
- !ruby/object:Gem::Version
|
173
|
-
version: 2.
|
190
|
+
version: '2.8'
|
174
191
|
type: :runtime
|
175
192
|
prerelease: false
|
176
193
|
version_requirements: !ruby/object:Gem::Requirement
|
177
194
|
requirements:
|
178
|
-
- - "
|
195
|
+
- - ">="
|
179
196
|
- !ruby/object:Gem::Version
|
180
|
-
version: 2.6
|
197
|
+
version: '2.6'
|
198
|
+
- - "<"
|
199
|
+
- !ruby/object:Gem::Version
|
200
|
+
version: '2.8'
|
181
201
|
- !ruby/object:Gem::Dependency
|
182
202
|
name: sequel
|
183
203
|
requirement: !ruby/object:Gem::Requirement
|
184
204
|
requirements:
|
185
|
-
- - "
|
205
|
+
- - ">="
|
206
|
+
- !ruby/object:Gem::Version
|
207
|
+
version: '5.37'
|
208
|
+
- - "<"
|
186
209
|
- !ruby/object:Gem::Version
|
187
|
-
version: 5.
|
210
|
+
version: '5.41'
|
188
211
|
type: :runtime
|
189
212
|
prerelease: false
|
190
213
|
version_requirements: !ruby/object:Gem::Requirement
|
191
214
|
requirements:
|
192
|
-
- - "
|
215
|
+
- - ">="
|
193
216
|
- !ruby/object:Gem::Version
|
194
|
-
version: 5.37
|
217
|
+
version: '5.37'
|
218
|
+
- - "<"
|
219
|
+
- !ruby/object:Gem::Version
|
220
|
+
version: '5.41'
|
195
221
|
- !ruby/object:Gem::Dependency
|
196
222
|
name: sequel-activerecord_connection
|
197
223
|
requirement: !ruby/object:Gem::Requirement
|
198
224
|
requirements:
|
199
|
-
- - "
|
225
|
+
- - ">="
|
200
226
|
- !ruby/object:Gem::Version
|
201
227
|
version: '0.3'
|
228
|
+
- - "<"
|
229
|
+
- !ruby/object:Gem::Version
|
230
|
+
version: '2.0'
|
202
231
|
type: :runtime
|
203
232
|
prerelease: false
|
204
233
|
version_requirements: !ruby/object:Gem::Requirement
|
205
234
|
requirements:
|
206
|
-
- - "
|
235
|
+
- - ">="
|
207
236
|
- !ruby/object:Gem::Version
|
208
237
|
version: '0.3'
|
238
|
+
- - "<"
|
239
|
+
- !ruby/object:Gem::Version
|
240
|
+
version: '2.0'
|
209
241
|
- !ruby/object:Gem::Dependency
|
210
242
|
name: sinatra
|
211
243
|
requirement: !ruby/object:Gem::Requirement
|
@@ -305,6 +337,8 @@ files:
|
|
305
337
|
- ".buildkite/hooks/pre-command"
|
306
338
|
- ".buildkite/pipeline.yml"
|
307
339
|
- ".buildkite/template.yml"
|
340
|
+
- ".github/dependabot.yml"
|
341
|
+
- ".github/workflows/automerge.yml"
|
308
342
|
- ".gitignore"
|
309
343
|
- ".rspec"
|
310
344
|
- ".rubocop.yml"
|
@@ -350,6 +384,7 @@ files:
|
|
350
384
|
- lib/osso/db/migrate/20201109160851_add_sso_issuer_to_identity_providers.rb
|
351
385
|
- lib/osso/db/migrate/20201110190754_remove_oauth_client_id_from_enterprise_accounts.rb
|
352
386
|
- lib/osso/db/migrate/20201112160120_add_ping_to_identity_provider_service_enum.rb
|
387
|
+
- lib/osso/db/migrate/20201125143501_add_salesforce_to_provider_service_enum.rb
|
353
388
|
- lib/osso/error/account_configuration_error.rb
|
354
389
|
- lib/osso/error/error.rb
|
355
390
|
- lib/osso/error/missing_saml_attribute_error.rb
|
@@ -392,8 +427,7 @@ files:
|
|
392
427
|
- lib/osso/graphql/types/oauth_client.rb
|
393
428
|
- lib/osso/graphql/types/redirect_uri.rb
|
394
429
|
- lib/osso/graphql/types/redirect_uri_input.rb
|
395
|
-
- lib/osso/
|
396
|
-
- lib/osso/helpers/helpers.rb
|
430
|
+
- lib/osso/lib/analytics.rb
|
397
431
|
- lib/osso/lib/app_config.rb
|
398
432
|
- lib/osso/lib/oauth2_token.rb
|
399
433
|
- lib/osso/lib/route_map.rb
|
@@ -442,7 +476,6 @@ files:
|
|
442
476
|
- spec/models/enterprise_account_spec.rb
|
443
477
|
- spec/models/identity_provider_spec.rb
|
444
478
|
- spec/routes/admin_spec.rb
|
445
|
-
- spec/routes/app_spec.rb
|
446
479
|
- spec/routes/auth_spec.rb
|
447
480
|
- spec/routes/oauth_spec.rb
|
448
481
|
- spec/spec_helper.rb
|
@@ -450,6 +483,7 @@ files:
|
|
450
483
|
- spec/support/spec_app.rb
|
451
484
|
- spec/support/views/admin.erb
|
452
485
|
- spec/support/views/error.erb
|
486
|
+
- spec/support/views/hosted_login.erb
|
453
487
|
- spec/support/views/layout.erb
|
454
488
|
- spec/support/views/multiple_providers.erb
|
455
489
|
homepage: https://github.com/enterprise-oss/osso-rb
|
@@ -467,9 +501,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
467
501
|
version: 2.3.0
|
468
502
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
469
503
|
requirements:
|
470
|
-
- - "
|
504
|
+
- - ">="
|
471
505
|
- !ruby/object:Gem::Version
|
472
|
-
version:
|
506
|
+
version: '0'
|
473
507
|
requirements: []
|
474
508
|
rubygems_version: 3.0.3
|
475
509
|
signing_key:
|
data/lib/osso/helpers/auth.rb
DELETED
@@ -1,94 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Osso
|
4
|
-
module Helpers
|
5
|
-
module Auth
|
6
|
-
END_USER_SCOPE = 'end-user'
|
7
|
-
INTERNAL_SCOPE = 'internal'
|
8
|
-
ADMIN_SCOPE = 'admin'
|
9
|
-
|
10
|
-
attr_accessor :current_user
|
11
|
-
|
12
|
-
def token_protected!
|
13
|
-
decode(token)
|
14
|
-
rescue JWT::DecodeError
|
15
|
-
halt 401
|
16
|
-
end
|
17
|
-
|
18
|
-
def enterprise_protected!(domain = nil)
|
19
|
-
return if admin_authorized?
|
20
|
-
return if internal_authorized?
|
21
|
-
return if enterprise_authorized?(domain)
|
22
|
-
|
23
|
-
halt 401 if request.post?
|
24
|
-
|
25
|
-
redirect ENV['JWT_URL']
|
26
|
-
end
|
27
|
-
|
28
|
-
def internal_protected!
|
29
|
-
return if admin_authorized?
|
30
|
-
return if internal_authorized?
|
31
|
-
|
32
|
-
redirect ENV['JWT_URL']
|
33
|
-
end
|
34
|
-
|
35
|
-
def admin_protected!
|
36
|
-
return true if admin_authorized?
|
37
|
-
|
38
|
-
redirect ENV['JWT_URL']
|
39
|
-
end
|
40
|
-
|
41
|
-
private
|
42
|
-
|
43
|
-
def enterprise_authorized?(domain)
|
44
|
-
decode(token)
|
45
|
-
|
46
|
-
@current_user[:scope] == END_USER_SCOPE &&
|
47
|
-
@current_user[:email].split('@')[1] == domain
|
48
|
-
rescue JWT::DecodeError
|
49
|
-
false
|
50
|
-
end
|
51
|
-
|
52
|
-
def internal_authorized?
|
53
|
-
decode(token)
|
54
|
-
|
55
|
-
@current_user[:scope] == INTERNAL_SCOPE
|
56
|
-
rescue JWT::DecodeError
|
57
|
-
false
|
58
|
-
end
|
59
|
-
|
60
|
-
def admin_authorized?
|
61
|
-
decode(token)
|
62
|
-
|
63
|
-
@current_user[:scope] == ADMIN_SCOPE
|
64
|
-
rescue JWT::DecodeError
|
65
|
-
false
|
66
|
-
end
|
67
|
-
|
68
|
-
def token
|
69
|
-
session['admin_token'] || request.env['HTTP_AUTHORIZATION'] || request.params['admin_token']
|
70
|
-
end
|
71
|
-
|
72
|
-
def chomp_token
|
73
|
-
return unless request['admin_token'].present?
|
74
|
-
|
75
|
-
session['admin_token'] = request['admin_token']
|
76
|
-
|
77
|
-
return if request.post?
|
78
|
-
|
79
|
-
redirect request.path
|
80
|
-
end
|
81
|
-
|
82
|
-
def decode(token)
|
83
|
-
payload, _args = JWT.decode(
|
84
|
-
token,
|
85
|
-
ENV['JWT_HMAC_SECRET'],
|
86
|
-
true,
|
87
|
-
{ algorithm: 'HS256' },
|
88
|
-
)
|
89
|
-
|
90
|
-
@current_user = payload.symbolize_keys
|
91
|
-
end
|
92
|
-
end
|
93
|
-
end
|
94
|
-
end
|
data/lib/osso/helpers/helpers.rb
DELETED