osso 0.0.6 → 0.1.0

data/osso-rb.gemspec

@@ -22,15 +22,17 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency 'mail', '~> 2.7.1'
   spec.add_runtime_dependency 'omniauth-multi-provider'
   spec.add_runtime_dependency 'omniauth-saml'
+  spec.add_runtime_dependency 'posthog-ruby'
   spec.add_runtime_dependency 'rack', '>= 2.1.4'
   spec.add_runtime_dependency 'rack-contrib'
   spec.add_runtime_dependency 'rack-oauth2'
+  spec.add_runtime_dependency 'rack-protection', '~> 2.1.0'
   spec.add_runtime_dependency 'rake'
-  spec.add_runtime_dependency 'rodauth', '~> 2.6.0'
-  spec.add_runtime_dependency 'sequel', '~> 5.37.0'
+  spec.add_runtime_dependency 'rodauth', '~> 2.9'
+  spec.add_runtime_dependency 'sequel', '~> 5.40'
   spec.add_runtime_dependency 'sequel-activerecord_connection', '>= 0.3', '< 2.0'
   spec.add_runtime_dependency 'sinatra'
-  spec.add_runtime_dependency 'sinatra-activerecord'
+  spec.add_runtime_dependency 'sinatra-activerecord', '>= 2.0.22'
   spec.add_runtime_dependency 'sinatra-contrib'
 
   spec.add_development_dependency 'annotate', '~> 3.1'

data/spec/graphql/mutations/create_identity_provider_spec.rb

@@ -91,7 +91,7 @@ describe Osso::GraphQL::Schema do
               },
           }
         end
-        
+
         it 'creates an identity provider' do
           expect { subject }.to change { enterprise_account.identity_providers.count }.by(1)
           expect(subject.dig('data', 'createIdentityProvider', 'identityProvider', 'domain')).

data/spec/models/identity_provider_spec.rb

@@ -66,6 +66,7 @@ describe Osso::Models::IdentityProvider do
           idp_cert: subject.sso_cert,
           idp_sso_target_url: subject.sso_url,
           issuer: subject.sso_issuer,
+          name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
         )
     end
   end

data/spec/routes/admin_spec.rb

@@ -4,23 +4,41 @@ require 'spec_helper'
 
 describe Osso::Admin do
   describe 'get /admin' do
-    it 'redirects to /login without a session' do
+    it 'renders the admin layout' do
       get('/admin')
 
-      expect(last_response).to be_redirect
-      follow_redirect!
-      expect(last_request.url).to match('/login')
+      expect(last_response).to be_ok
     end
+  end
 
-    xit 'renders the admin page for a valid session token' do
-      password = SecureRandom.urlsafe_base64(16)
-      account = create(:verified_account, password: password)
+  describe 'post /graphql' do
+    let(:account) { create(:account) }
 
-      post('/login', { email: account.email, password: password })
+    it 'runs a GraphQL query with a valid jwt' do
+      allow_any_instance_of(described_class.rodauth).to receive(:logged_in?).and_return(true)
+      allow(Osso::Models::Account).to receive(:find).and_return(account)
+      allow(Osso::GraphQL::Schema).to receive(:execute).and_return({ graphql: true })
 
-      get('/admin')
+      header 'Content-Type', 'application/json'
+      post('/graphql')
 
       expect(last_response).to be_ok
+      expect(last_json_response).to eq({ graphql: true })
+    end
+
+    it 'returns a 400 for an invalid jwt' do
+      header 'Content-Type', 'application/json'
+      header 'Authorization', 'Bearer bad-token'
+      post('/graphql')
+
+      expect(last_response.status).to eq 400
+    end
+
+    it 'returns a 401 without a jwt' do
+      header 'Content-Type', 'application/json'
+      post('/graphql')
+
+      expect(last_response.status).to eq 401
     end
   end
 end

data/spec/routes/auth_spec.rb

@@ -6,12 +6,13 @@ describe Osso::Auth do
   before do
     described_class.set(:views, spec_views)
   end
-  describe 'get /auth/saml/:uuid' do
+
+  describe 'post /auth/saml/:uuid' do
     describe 'for an Okta SAML provider' do
       let(:enterprise) { create(:enterprise_with_okta) }
       let(:okta_provider) { enterprise.identity_providers.first }
       it 'uses omniauth saml' do
-        get("/auth/saml/#{okta_provider.id}")
+        post("/auth/saml/#{okta_provider.id}")
 
         expect(last_response).to be_redirect
         follow_redirect!
@@ -23,7 +24,7 @@ describe Osso::Auth do
       let(:enterprise) { create(:enterprise_with_okta) }
       let(:azure_provider) { enterprise.identity_providers.first }
       it 'uses omniauth saml' do
-        get("/auth/saml/#{azure_provider.id}")
+        post("/auth/saml/#{azure_provider.id}")
 
         expect(last_response).to be_redirect
         follow_redirect!
@@ -31,6 +32,7 @@ describe Osso::Auth do
       end
     end
   end
+
   describe 'post /auth/saml/:uuid/callback' do
     describe 'for an Okta SAML provider' do
       let(:enterprise) { create(:enterprise_with_okta) }

data/spec/routes/oauth_spec.rb

@@ -27,8 +27,22 @@ describe Osso::Oauth do
         end
       end
 
+      describe 'for a request without email or domain' do
+        it 'renders the hosted login page' do
+          get(
+            '/oauth/authorize',
+            client_id: client.identifier,
+            response_type: 'code',
+            redirect_uri: client.redirect_uri_values.sample,
+          )
+
+          expect(last_response).to be_ok
+          expect(last_response.body).to eq('HOSTED LOGIN')
+        end
+      end
+
       describe 'for an enterprise domain with one SAML provider' do
-        it 'redirects to /auth/saml/:provider_id' do
+        it 'renders the saml login form' do
           enterprise = create(:enterprise_with_okta, oauth_client: client)
 
           get(
@@ -41,9 +55,7 @@ describe Osso::Oauth do
 
           provider_id = enterprise.identity_providers.first.id
 
-          expect(last_response).to be_redirect
-          follow_redirect!
-          expect(last_request.url).to match("auth/saml/#{provider_id}")
+          expect(last_response.body).to match(provider_id)
         end
       end
 
@@ -65,7 +77,7 @@ describe Osso::Oauth do
       end
 
       describe "for an existing user's email address" do
-        it 'redirects to /auth/saml/:provider_id' do
+        it 'renders the saml login form' do
           enterprise = create(:enterprise_with_okta, oauth_client: client)
           provider_id = enterprise.identity_providers.first.id
           user = create(:user, email: "user@#{enterprise.domain}", identity_provider_id: provider_id)
@@ -78,14 +90,12 @@ describe Osso::Oauth do
             redirect_uri: client.redirect_uri_values.sample,
           )
 
-          expect(last_response).to be_redirect
-          follow_redirect!
-          expect(last_request.url).to match("auth/saml/#{provider_id}")
+          expect(last_response.body).to match(provider_id)
         end
       end
 
       describe "for a new user's email address belonging to an enterprise with one SAML provider" do
-        it 'redirects to /auth/saml/:provider_id' do
+        it 'renders the saml login form' do
           enterprise = create(:enterprise_with_okta, oauth_client: client)
 
           get(
@@ -98,9 +108,7 @@ describe Osso::Oauth do
 
           provider_id = enterprise.identity_providers.first.id
 
-          expect(last_response).to be_redirect
-          follow_redirect!
-          expect(last_request.url).to match("auth/saml/#{provider_id}")
+          expect(last_response.body).to match(provider_id)
         end
       end
 

data/spec/spec_helper.rb

@@ -80,5 +80,7 @@ RSpec.configure do |config|
 
   OmniAuth.config.test_mode = true
   OmniAuth.config.logger = Logger.new('/dev/null')
+  OmniAuth.config.request_validation_phase = proc {}
+
   WebMock.disable_net_connect!(allow_localhost: true)
 end

data/spec/support/views/hosted_login.erb

@@ -0,0 +1 @@
+HOSTED LOGIN

data/spec/support/views/saml_login_form.erb

@@ -0,0 +1 @@
+<%= @providers.first.id %>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: osso
 version: !ruby/object:Gem::Version
-  version: 0.0.6
+  version: 0.1.0
 platform: ruby
 authors:
 - Sam Bauch
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-11-24 00:00:00.000000000 Z
+date: 2021-01-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -108,6 +108,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: posthog-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -150,6 +164,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-protection
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.1.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -170,28 +198,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.6.0
+        version: '2.9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.6.0
+        version: '2.9'
 - !ruby/object:Gem::Dependency
   name: sequel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.37.0
+        version: '5.40'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.37.0
+        version: '5.40'
 - !ruby/object:Gem::Dependency
   name: sequel-activerecord_connection
   requirement: !ruby/object:Gem::Requirement
@@ -232,14 +260,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.0.22
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.0.22
 - !ruby/object:Gem::Dependency
   name: sinatra-contrib
   requirement: !ruby/object:Gem::Requirement
@@ -358,6 +386,7 @@ files:
 - lib/osso/db/migrate/20201109160851_add_sso_issuer_to_identity_providers.rb
 - lib/osso/db/migrate/20201110190754_remove_oauth_client_id_from_enterprise_accounts.rb
 - lib/osso/db/migrate/20201112160120_add_ping_to_identity_provider_service_enum.rb
+- lib/osso/db/migrate/20201125143501_add_salesforce_to_provider_service_enum.rb
 - lib/osso/error/account_configuration_error.rb
 - lib/osso/error/error.rb
 - lib/osso/error/missing_saml_attribute_error.rb
@@ -400,6 +429,7 @@ files:
 - lib/osso/graphql/types/oauth_client.rb
 - lib/osso/graphql/types/redirect_uri.rb
 - lib/osso/graphql/types/redirect_uri_input.rb
+- lib/osso/lib/analytics.rb
 - lib/osso/lib/app_config.rb
 - lib/osso/lib/oauth2_token.rb
 - lib/osso/lib/route_map.rb
@@ -448,7 +478,6 @@ files:
 - spec/models/enterprise_account_spec.rb
 - spec/models/identity_provider_spec.rb
 - spec/routes/admin_spec.rb
-- spec/routes/app_spec.rb
 - spec/routes/auth_spec.rb
 - spec/routes/oauth_spec.rb
 - spec/spec_helper.rb
@@ -456,8 +485,10 @@ files:
 - spec/support/spec_app.rb
 - spec/support/views/admin.erb
 - spec/support/views/error.erb
+- spec/support/views/hosted_login.erb
 - spec/support/views/layout.erb
 - spec/support/views/multiple_providers.erb
+- spec/support/views/saml_login_form.erb
 homepage: https://github.com/enterprise-oss/osso-rb
 licenses:
 - MIT

data/spec/routes/app_spec.rb

@@ -1,6 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-describe 'App' do
-end