osso 0.0.6 → 0.1.0

Files changed (44) hide show
  1. checksums.yaml +4 -4
  2. data/.buildkite/pipeline.yml +1 -0
  3. data/.rubocop.yml +4 -16
  4. data/Gemfile +3 -3
  5. data/Gemfile.lock +76 -70
  6. data/Rakefile +3 -0
  7. data/bin/console +3 -0
  8. data/db/schema.rb +2 -2
  9. data/lib/osso.rb +1 -0
  10. data/lib/osso/db/migrate/20201125143501_add_salesforce_to_provider_service_enum.rb +28 -0
  11. data/lib/osso/graphql/mutations/configure_identity_provider.rb +4 -1
  12. data/lib/osso/graphql/mutations/create_enterprise_account.rb +4 -1
  13. data/lib/osso/graphql/mutations/create_identity_provider.rb +8 -3
  14. data/lib/osso/graphql/mutations/create_oauth_client.rb +4 -1
  15. data/lib/osso/graphql/mutations/delete_enterprise_account.rb +4 -1
  16. data/lib/osso/graphql/mutations/delete_identity_provider.rb +4 -1
  17. data/lib/osso/graphql/mutations/delete_oauth_client.rb +4 -1
  18. data/lib/osso/graphql/mutations/invite_admin_user.rb +6 -0
  19. data/lib/osso/graphql/mutations/regenerate_oauth_credentials.rb +10 -1
  20. data/lib/osso/graphql/mutations/set_redirect_uris.rb +2 -0
  21. data/lib/osso/graphql/mutations/update_app_config.rb +4 -1
  22. data/lib/osso/graphql/query.rb +26 -31
  23. data/lib/osso/graphql/schema.rb +0 -1
  24. data/lib/osso/graphql/types/identity_provider_service.rb +1 -0
  25. data/lib/osso/lib/analytics.rb +55 -0
  26. data/lib/osso/lib/route_map.rb +2 -0
  27. data/lib/osso/models/account.rb +1 -1
  28. data/lib/osso/models/identity_provider.rb +3 -2
  29. data/lib/osso/routes/admin.rb +37 -5
  30. data/lib/osso/routes/auth.rb +2 -0
  31. data/lib/osso/routes/oauth.rb +10 -4
  32. data/lib/osso/version.rb +1 -1
  33. data/lib/tasks/bootstrap.rake +6 -4
  34. data/osso-rb.gemspec +5 -3
  35. data/spec/graphql/mutations/create_identity_provider_spec.rb +1 -1
  36. data/spec/models/identity_provider_spec.rb +1 -0
  37. data/spec/routes/admin_spec.rb +27 -9
  38. data/spec/routes/auth_spec.rb +5 -3
  39. data/spec/routes/oauth_spec.rb +20 -12
  40. data/spec/spec_helper.rb +2 -0
  41. data/spec/support/views/hosted_login.erb +1 -0
  42. data/spec/support/views/saml_login_form.erb +1 -0
  43. metadata +40 -9
  44. data/spec/routes/app_spec.rb +0 -6
@@ -22,15 +22,17 @@ Gem::Specification.new do |spec|
22
22
  spec.add_runtime_dependency 'mail', '~> 2.7.1'
23
23
  spec.add_runtime_dependency 'omniauth-multi-provider'
24
24
  spec.add_runtime_dependency 'omniauth-saml'
25
+ spec.add_runtime_dependency 'posthog-ruby'
25
26
  spec.add_runtime_dependency 'rack', '>= 2.1.4'
26
27
  spec.add_runtime_dependency 'rack-contrib'
27
28
  spec.add_runtime_dependency 'rack-oauth2'
29
+ spec.add_runtime_dependency 'rack-protection', '~> 2.1.0'
28
30
  spec.add_runtime_dependency 'rake'
29
- spec.add_runtime_dependency 'rodauth', '~> 2.6.0'
30
- spec.add_runtime_dependency 'sequel', '~> 5.37.0'
31
+ spec.add_runtime_dependency 'rodauth', '~> 2.9'
32
+ spec.add_runtime_dependency 'sequel', '~> 5.40'
31
33
  spec.add_runtime_dependency 'sequel-activerecord_connection', '>= 0.3', '< 2.0'
32
34
  spec.add_runtime_dependency 'sinatra'
33
- spec.add_runtime_dependency 'sinatra-activerecord'
35
+ spec.add_runtime_dependency 'sinatra-activerecord', '>= 2.0.22'
34
36
  spec.add_runtime_dependency 'sinatra-contrib'
35
37
 
36
38
  spec.add_development_dependency 'annotate', '~> 3.1'
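Review bot: `posthog-ruby` is added as a runtime dependency with no version constraint, so every install of this SSO gem resolves to whatever release of a third-party analytics client is newest at that moment. Pin it the way the neighbouring entries are pinned, e.g. `spec.add_runtime_dependency 'posthog-ruby', '~> X.Y'` (X.Y is a placeholder for the release that was actually tested). The same hunk widens `rodauth` from `~> 2.6.0` to `~> 2.9` and `sequel` from `~> 5.37.0` to `~> 5.40`, which accepts any later 2.x / 5.x minor; for the authentication library that range is probably wider than what the suite has been run against, so the lockfile should be reviewed alongside it. The `Gem::Specification.new` block starts and ends outside this hunk.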
@@ -91,7 +91,7 @@ describe Osso::GraphQL::Schema do
91
91
  },
92
92
  }
93
93
  end
94
-
94
+
95
95
  it 'creates an identity provider' do
96
96
  expect { subject }.to change { enterprise_account.identity_providers.count }.by(1)
97
97
  expect(subject.dig('data', 'createIdentityProvider', 'identityProvider', 'domain')).
@@ -66,6 +66,7 @@ describe Osso::Models::IdentityProvider do
66
66
  idp_cert: subject.sso_cert,
67
67
  idp_sso_target_url: subject.sso_url,
68
68
  issuer: subject.sso_issuer,
69
+ name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
69
70
  )
70
71
  end
71
72
  end
@@ -4,23 +4,41 @@ require 'spec_helper'
4
4
 
5
5
  describe Osso::Admin do
6
6
  describe 'get /admin' do
7
- it 'redirects to /login without a session' do
7
+ it 'renders the admin layout' do
8
8
  get('/admin')
9
9
 
10
- expect(last_response).to be_redirect
11
- follow_redirect!
12
- expect(last_request.url).to match('/login')
10
+ expect(last_response).to be_ok
13
11
  end
12
+ end
14
13
 
15
- xit 'renders the admin page for a valid session token' do
16
- password = SecureRandom.urlsafe_base64(16)
17
- account = create(:verified_account, password: password)
14
+ describe 'post /graphql' do
15
+ let(:account) { create(:account) }
18
16
 
19
- post('/login', { email: account.email, password: password })
17
+ it 'runs a GraphQL query with a valid jwt' do
18
+ allow_any_instance_of(described_class.rodauth).to receive(:logged_in?).and_return(true)
19
+ allow(Osso::Models::Account).to receive(:find).and_return(account)
20
+ allow(Osso::GraphQL::Schema).to receive(:execute).and_return({ graphql: true })
20
21
 
21
- get('/admin')
22
+ header 'Content-Type', 'application/json'
23
+ post('/graphql')
22
24
 
23
25
  expect(last_response).to be_ok
26
+ expect(last_json_response).to eq({ graphql: true })
27
+ end
28
+
29
+ it 'returns a 400 for an invalid jwt' do
30
+ header 'Content-Type', 'application/json'
31
+ header 'Authorization', 'Bearer bad-token'
32
+ post('/graphql')
33
+
34
+ expect(last_response.status).to eq 400
35
+ end
36
+
37
+ it 'returns a 401 without a jwt' do
38
+ header 'Content-Type', 'application/json'
39
+ post('/graphql')
40
+
41
+ expect(last_response.status).to eq 401
24
42
  end
25
43
  end
26
44
  end
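Review bot: The example 'runs a GraphQL query with a valid jwt' never presents a token: it stubs `logged_in?` on every rodauth instance and posts without an `Authorization` header, so the accept path of JWT verification is not exercised. Since `get /admin` is now expected to return 200 without a session, access control for the admin data appears to rest on `/graphql` alone, which makes that gap matter more. Replace the stub with a token issued for `account` and sent as `header 'Authorization', "Bearer #{token}"` (how the token is minted is not visible in this hunk), and add rejections for an expired token and one signed with the wrong secret next to the existing 400 and 401 cases. It would also help to add a comment on the `get /admin` example saying that the layout is intentionally public, if that is the intent.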
@@ -6,12 +6,13 @@ describe Osso::Auth do
6
6
  before do
7
7
  described_class.set(:views, spec_views)
8
8
  end
9
- describe 'get /auth/saml/:uuid' do
9
+
10
+ describe 'post /auth/saml/:uuid' do
10
11
  describe 'for an Okta SAML provider' do
11
12
  let(:enterprise) { create(:enterprise_with_okta) }
12
13
  let(:okta_provider) { enterprise.identity_providers.first }
13
14
  it 'uses omniauth saml' do
14
- get("/auth/saml/#{okta_provider.id}")
15
+ post("/auth/saml/#{okta_provider.id}")
15
16
 
16
17
  expect(last_response).to be_redirect
17
18
  follow_redirect!
@@ -23,7 +24,7 @@ describe Osso::Auth do
23
24
  let(:enterprise) { create(:enterprise_with_okta) }
24
25
  let(:azure_provider) { enterprise.identity_providers.first }
25
26
  it 'uses omniauth saml' do
26
- get("/auth/saml/#{azure_provider.id}")
27
+ post("/auth/saml/#{azure_provider.id}")
27
28
 
28
29
  expect(last_response).to be_redirect
29
30
  follow_redirect!
@@ -31,6 +32,7 @@ describe Osso::Auth do
31
32
  end
32
33
  end
33
34
  end
35
+
34
36
  describe 'post /auth/saml/:uuid/callback' do
35
37
  describe 'for an Okta SAML provider' do
36
38
  let(:enterprise) { create(:enterprise_with_okta) }
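Review bot: The request-phase examples were switched from `get` to `post`, but nothing asserts that a GET to `/auth/saml/:uuid` no longer starts the SAML flow. If the move to POST is meant to stop a login being initiated cross-site by a plain link or image request, add a negative example such as `get("/auth/saml/#{okta_provider.id}")` followed by `expect(last_response).not_to be_redirect`, so a regression that re-enables GET is caught. The describe block for the callback route continues past the end of this section.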
@@ -27,8 +27,22 @@ describe Osso::Oauth do
27
27
  end
28
28
  end
29
29
 
30
+ describe 'for a request without email or domain' do
31
+ it 'renders the hosted login page' do
32
+ get(
33
+ '/oauth/authorize',
34
+ client_id: client.identifier,
35
+ response_type: 'code',
36
+ redirect_uri: client.redirect_uri_values.sample,
37
+ )
38
+
39
+ expect(last_response).to be_ok
40
+ expect(last_response.body).to eq('HOSTED LOGIN')
41
+ end
42
+ end
43
+
30
44
  describe 'for an enterprise domain with one SAML provider' do
31
- it 'redirects to /auth/saml/:provider_id' do
45
+ it 'renders the saml login form' do
32
46
  enterprise = create(:enterprise_with_okta, oauth_client: client)
33
47
 
34
48
  get(
@@ -41,9 +55,7 @@ describe Osso::Oauth do
41
55
 
42
56
  provider_id = enterprise.identity_providers.first.id
43
57
 
44
- expect(last_response).to be_redirect
45
- follow_redirect!
46
- expect(last_request.url).to match("auth/saml/#{provider_id}")
58
+ expect(last_response.body).to match(provider_id)
47
59
  end
48
60
  end
49
61
 
@@ -65,7 +77,7 @@ describe Osso::Oauth do
65
77
  end
66
78
 
67
79
  describe "for an existing user's email address" do
68
- it 'redirects to /auth/saml/:provider_id' do
80
+ it 'renders the saml login form' do
69
81
  enterprise = create(:enterprise_with_okta, oauth_client: client)
70
82
  provider_id = enterprise.identity_providers.first.id
71
83
  user = create(:user, email: "user@#{enterprise.domain}", identity_provider_id: provider_id)
@@ -78,14 +90,12 @@ describe Osso::Oauth do
78
90
  redirect_uri: client.redirect_uri_values.sample,
79
91
  )
80
92
 
81
- expect(last_response).to be_redirect
82
- follow_redirect!
83
- expect(last_request.url).to match("auth/saml/#{provider_id}")
93
+ expect(last_response.body).to match(provider_id)
84
94
  end
85
95
  end
86
96
 
87
97
  describe "for a new user's email address belonging to an enterprise with one SAML provider" do
88
- it 'redirects to /auth/saml/:provider_id' do
98
+ it 'renders the saml login form' do
89
99
  enterprise = create(:enterprise_with_okta, oauth_client: client)
90
100
 
91
101
  get(
@@ -98,9 +108,7 @@ describe Osso::Oauth do
98
108
 
99
109
  provider_id = enterprise.identity_providers.first.id
100
110
 
101
- expect(last_response).to be_redirect
102
- follow_redirect!
103
- expect(last_request.url).to match("auth/saml/#{provider_id}")
111
+ expect(last_response.body).to match(provider_id)
104
112
  end
105
113
  end
106
114
 
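Review bot: The three rewritten 'renders the saml login form' examples dropped their redirect assertions and now check only `expect(last_response.body).to match(provider_id)`, with no status assertion, so an error page that echoes the id would still pass. Add `expect(last_response).to be_ok` before the body check, as the new hosted-login example does, and prefer `include(provider_id)` over `match`, which treats the id as a regular expression. The stub view used by these specs renders only the provider id, so the real template's form target and any authenticity-token field are not covered here; a view-level spec for that form would close the gap.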
@@ -80,5 +80,7 @@ RSpec.configure do |config|
80
80
 
81
81
  OmniAuth.config.test_mode = true
82
82
  OmniAuth.config.logger = Logger.new('/dev/null')
83
+ OmniAuth.config.request_validation_phase = proc {}
84
+
83
85
  WebMock.disable_net_connect!(allow_localhost: true)
84
86
  end
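Review bot: `OmniAuth.config.request_validation_phase = proc {}` replaces OmniAuth's request-phase validation with a no-op for the whole suite, so no spec can detect a login form that omits the authenticity token. Say so next to the line, e.g. `# Specs only: skips OmniAuth request-phase (CSRF) validation; never set this in the app itself`. Consider one example that restores the default validator and expects a POST to `/auth/saml/:uuid` without a token to be rejected. The `RSpec.configure` block starts outside this hunk.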
@@ -0,0 +1 @@
1
+ HOSTED LOGIN
@@ -0,0 +1 @@
1
+ <%= @providers.first.id %>
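--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: osso
  version: !ruby/object:Gem::Version
- version: 0.0.6
+ version: 0.1.0
  platform: ruby
  authors:
  - Sam Bauch
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-11-24 00:00:00.000000000 Z
+ date: 2021-01-26 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -108,6 +108,20 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
+ - !ruby/object:Gem::Dependency
+ name: posthog-ruby
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  - !ruby/object:Gem::Dependency
  name: rack
  requirement: !ruby/object:Gem::Requirement
@@ -150,6 +164,20 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rack-protection
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 2.1.0
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 2.1.0
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
@@ -170,28 +198,28 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 2.6.0
+ version: '2.9'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 2.6.0
+ version: '2.9'
  - !ruby/object:Gem::Dependency
  name: sequel
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 5.37.0
+ version: '5.40'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 5.37.0
+ version: '5.40'
  - !ruby/object:Gem::Dependency
  name: sequel-activerecord_connection
  requirement: !ruby/object:Gem::Requirement
@@ -232,14 +260,14 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '0'
+ version: 2.0.22
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '0'
+ version: 2.0.22
  - !ruby/object:Gem::Dependency
  name: sinatra-contrib
  requirement: !ruby/object:Gem::Requirement
@@ -358,6 +386,7 @@ files:
  - lib/osso/db/migrate/20201109160851_add_sso_issuer_to_identity_providers.rb
  - lib/osso/db/migrate/20201110190754_remove_oauth_client_id_from_enterprise_accounts.rb
  - lib/osso/db/migrate/20201112160120_add_ping_to_identity_provider_service_enum.rb
+ - lib/osso/db/migrate/20201125143501_add_salesforce_to_provider_service_enum.rb
  - lib/osso/error/account_configuration_error.rb
  - lib/osso/error/error.rb
  - lib/osso/error/missing_saml_attribute_error.rb
@@ -400,6 +429,7 @@ files:
  - lib/osso/graphql/types/oauth_client.rb
  - lib/osso/graphql/types/redirect_uri.rb
  - lib/osso/graphql/types/redirect_uri_input.rb
+ - lib/osso/lib/analytics.rb
  - lib/osso/lib/app_config.rb
  - lib/osso/lib/oauth2_token.rb
  - lib/osso/lib/route_map.rb
@@ -448,7 +478,6 @@ files:
  - spec/models/enterprise_account_spec.rb
  - spec/models/identity_provider_spec.rb
  - spec/routes/admin_spec.rb
- - spec/routes/app_spec.rb
  - spec/routes/auth_spec.rb
  - spec/routes/oauth_spec.rb
  - spec/spec_helper.rb
@@ -456,8 +485,10 @@ files:
  - spec/support/spec_app.rb
  - spec/support/views/admin.erb
  - spec/support/views/error.erb
+ - spec/support/views/hosted_login.erb
  - spec/support/views/layout.erb
  - spec/support/views/multiple_providers.erb
+ - spec/support/views/saml_login_form.erb
  homepage: https://github.com/enterprise-oss/osso-rb
  licenses:
  - MIT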
@@ -1,6 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require 'spec_helper'
4
-
5
- describe 'App' do
6
- end