osso 0.0.6 → 0.1.0
- checksums.yaml +4 -4
- data/.buildkite/pipeline.yml +1 -0
- data/.rubocop.yml +4 -16
- data/Gemfile +3 -3
- data/Gemfile.lock +76 -70
- data/Rakefile +3 -0
- data/bin/console +3 -0
- data/db/schema.rb +2 -2
- data/lib/osso.rb +1 -0
- data/lib/osso/db/migrate/20201125143501_add_salesforce_to_provider_service_enum.rb +28 -0
- data/lib/osso/graphql/mutations/configure_identity_provider.rb +4 -1
- data/lib/osso/graphql/mutations/create_enterprise_account.rb +4 -1
- data/lib/osso/graphql/mutations/create_identity_provider.rb +8 -3
- data/lib/osso/graphql/mutations/create_oauth_client.rb +4 -1
- data/lib/osso/graphql/mutations/delete_enterprise_account.rb +4 -1
- data/lib/osso/graphql/mutations/delete_identity_provider.rb +4 -1
- data/lib/osso/graphql/mutations/delete_oauth_client.rb +4 -1
- data/lib/osso/graphql/mutations/invite_admin_user.rb +6 -0
- data/lib/osso/graphql/mutations/regenerate_oauth_credentials.rb +10 -1
- data/lib/osso/graphql/mutations/set_redirect_uris.rb +2 -0
- data/lib/osso/graphql/mutations/update_app_config.rb +4 -1
- data/lib/osso/graphql/query.rb +26 -31
- data/lib/osso/graphql/schema.rb +0 -1
- data/lib/osso/graphql/types/identity_provider_service.rb +1 -0
- data/lib/osso/lib/analytics.rb +55 -0
- data/lib/osso/lib/route_map.rb +2 -0
- data/lib/osso/models/account.rb +1 -1
- data/lib/osso/models/identity_provider.rb +3 -2
- data/lib/osso/routes/admin.rb +37 -5
- data/lib/osso/routes/auth.rb +2 -0
- data/lib/osso/routes/oauth.rb +10 -4
- data/lib/osso/version.rb +1 -1
- data/lib/tasks/bootstrap.rake +6 -4
- data/osso-rb.gemspec +5 -3
- data/spec/graphql/mutations/create_identity_provider_spec.rb +1 -1
- data/spec/models/identity_provider_spec.rb +1 -0
- data/spec/routes/admin_spec.rb +27 -9
- data/spec/routes/auth_spec.rb +5 -3
- data/spec/routes/oauth_spec.rb +20 -12
- data/spec/spec_helper.rb +2 -0
- data/spec/support/views/hosted_login.erb +1 -0
- data/spec/support/views/saml_login_form.erb +1 -0
- metadata +40 -9
- data/spec/routes/app_spec.rb +0 -6
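--- a/data/osso-rb.gemspec
+++ b/data/osso-rb.gemspec
@@ -22,15 +22,17 @@ Gem::Specification.new do |spec|
 spec.add_runtime_dependency 'mail', '~> 2.7.1'
 spec.add_runtime_dependency 'omniauth-multi-provider'
 spec.add_runtime_dependency 'omniauth-saml'
+spec.add_runtime_dependency 'posthog-ruby'
 spec.add_runtime_dependency 'rack', '>= 2.1.4'
 spec.add_runtime_dependency 'rack-contrib'
 spec.add_runtime_dependency 'rack-oauth2'
+spec.add_runtime_dependency 'rack-protection', '~> 2.1.0'
 spec.add_runtime_dependency 'rake'
-spec.add_runtime_dependency 'rodauth', '~> 2.
-spec.add_runtime_dependency 'sequel', '~> 5.
+spec.add_runtime_dependency 'rodauth', '~> 2.9'
+spec.add_runtime_dependency 'sequel', '~> 5.40'
 spec.add_runtime_dependency 'sequel-activerecord_connection', '>= 0.3', '< 2.0'
 spec.add_runtime_dependency 'sinatra'
-spec.add_runtime_dependency 'sinatra-activerecord'
+spec.add_runtime_dependency 'sinatra-activerecord', '>= 2.0.22'
 spec.add_runtime_dependency 'sinatra-contrib'
 
 spec.add_development_dependency 'annotate', '~> 3.1'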
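Review bot: `spec.add_runtime_dependency 'posthog-ruby'` is added with no version constraint, so every install of this SSO gem resolves to whichever release of a third-party analytics client is newest at that moment. The other additions in this hunk are bounded (`rack-protection` at `'~> 2.1.0'`, `rodauth` at `'~> 2.9'`); the same should apply here, e.g. `spec.add_runtime_dependency 'posthog-ruby', '~> <TESTED_VERSION>'` with the release that was actually tested. `sinatra-activerecord` gains only a floor (`'>= 2.0.22'`), which leaves its upper side open as well. The file list shows `lib/osso/lib/analytics.rb` as new, but it is not visible on this page, so a short comment next to the dependency on what is reported and how an operator turns it off would make the addition reviewable.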
@@ -91,7 +91,7 @@ describe Osso::GraphQL::Schema do
|
|
91
91
|
},
|
92
92
|
}
|
93
93
|
end
|
94
|
-
|
94
|
+
|
95
95
|
it 'creates an identity provider' do
|
96
96
|
expect { subject }.to change { enterprise_account.identity_providers.count }.by(1)
|
97
97
|
expect(subject.dig('data', 'createIdentityProvider', 'identityProvider', 'domain')).
|
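--- a/data/spec/routes/admin_spec.rb
+++ b/data/spec/routes/admin_spec.rb
@@ -4,23 +4,41 @@ require 'spec_helper'
 
 describe Osso::Admin do
 describe 'get /admin' do
-it '
+it 'renders the admin layout' do
 get('/admin')
 
-expect(last_response).to
-follow_redirect!
-expect(last_request.url).to match('/login')
+expect(last_response).to be_ok
 end
+end
 
-
-
-account = create(:verified_account, password: password)
+describe 'post /graphql' do
+let(:account) { create(:account) }
 
-
+it 'runs a GraphQL query with a valid jwt' do
+allow_any_instance_of(described_class.rodauth).to receive(:logged_in?).and_return(true)
+allow(Osso::Models::Account).to receive(:find).and_return(account)
+allow(Osso::GraphQL::Schema).to receive(:execute).and_return({ graphql: true })
 
-
+header 'Content-Type', 'application/json'
+post('/graphql')
 
 expect(last_response).to be_ok
+expect(last_json_response).to eq({ graphql: true })
+end
+
+it 'returns a 400 for an invalid jwt' do
+header 'Content-Type', 'application/json'
+header 'Authorization', 'Bearer bad-token'
+post('/graphql')
+
+expect(last_response.status).to eq 400
+end
+
+it 'returns a 401 without a jwt' do
+header 'Content-Type', 'application/json'
+post('/graphql')
+
+expect(last_response.status).to eq 401
 end
 end
 end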
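Review bot: The example named 'runs a GraphQL query with a valid jwt' sends no `Authorization` header and stubs `logged_in?` to true through `allow_any_instance_of`, so token verification is never exercised on the success path; only the two rejection examples reach the real check. Either issue a real token in the example and drop the `logged_in?` stub, or rename it to what it covers, e.g. `it 'runs a GraphQL query for a logged-in account' do`. Separately, 'get /admin' now expects `be_ok` with no credentials where the removed lines followed a redirect matching '/login'. If the layout is meant to be public and only `/graphql` is gated, a comment such as `# layout is unauthenticated; data access is enforced on /graphql` above that example would make the intent explicit.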
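--- a/data/spec/routes/auth_spec.rb
+++ b/data/spec/routes/auth_spec.rb
@@ -6,12 +6,13 @@ describe Osso::Auth do
 before do
 described_class.set(:views, spec_views)
 end
-
+
+describe 'post /auth/saml/:uuid' do
 describe 'for an Okta SAML provider' do
 let(:enterprise) { create(:enterprise_with_okta) }
 let(:okta_provider) { enterprise.identity_providers.first }
 it 'uses omniauth saml' do
-
+post("/auth/saml/#{okta_provider.id}")
 
 expect(last_response).to be_redirect
 follow_redirect!
@@ -23,7 +24,7 @@ describe Osso::Auth do
 let(:enterprise) { create(:enterprise_with_okta) }
 let(:azure_provider) { enterprise.identity_providers.first }
 it 'uses omniauth saml' do
-
+post("/auth/saml/#{azure_provider.id}")
 
 expect(last_response).to be_redirect
 follow_redirect!
@@ -31,6 +32,7 @@ describe Osso::Auth do
 end
 end
 end
+
 describe 'post /auth/saml/:uuid/callback' do
 describe 'for an Okta SAML provider' do
 let(:enterprise) { create(:enterprise_with_okta) }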
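--- a/data/spec/routes/oauth_spec.rb
+++ b/data/spec/routes/oauth_spec.rb
@@ -27,8 +27,22 @@ describe Osso::Oauth do
 end
 end
 
+describe 'for a request without email or domain' do
+it 'renders the hosted login page' do
+get(
+'/oauth/authorize',
+client_id: client.identifier,
+response_type: 'code',
+redirect_uri: client.redirect_uri_values.sample,
+)
+
+expect(last_response).to be_ok
+expect(last_response.body).to eq('HOSTED LOGIN')
+end
+end
+
 describe 'for an enterprise domain with one SAML provider' do
-it '
+it 'renders the saml login form' do
 enterprise = create(:enterprise_with_okta, oauth_client: client)
 
 get(
@@ -41,9 +55,7 @@ describe Osso::Oauth do
 
 provider_id = enterprise.identity_providers.first.id
 
-expect(last_response).to
-follow_redirect!
-expect(last_request.url).to match("auth/saml/#{provider_id}")
+expect(last_response.body).to match(provider_id)
 end
 end
 
@@ -65,7 +77,7 @@ describe Osso::Oauth do
 end
 
 describe "for an existing user's email address" do
-it '
+it 'renders the saml login form' do
 enterprise = create(:enterprise_with_okta, oauth_client: client)
 provider_id = enterprise.identity_providers.first.id
 user = create(:user, email: "user@#{enterprise.domain}", identity_provider_id: provider_id)
@@ -78,14 +90,12 @@ describe Osso::Oauth do
 redirect_uri: client.redirect_uri_values.sample,
 )
 
-expect(last_response).to
-follow_redirect!
-expect(last_request.url).to match("auth/saml/#{provider_id}")
+expect(last_response.body).to match(provider_id)
 end
 end
 
 describe "for a new user's email address belonging to an enterprise with one SAML provider" do
-it '
+it 'renders the saml login form' do
 enterprise = create(:enterprise_with_okta, oauth_client: client)
 
 get(
@@ -98,9 +108,7 @@ describe Osso::Oauth do
 
 provider_id = enterprise.identity_providers.first.id
 
-expect(last_response).to
-follow_redirect!
-expect(last_request.url).to match("auth/saml/#{provider_id}")
+expect(last_response.body).to match(provider_id)
 end
 end
 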
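Review bot: `expect(last_response.body).to match(provider_id)` (new lines 58, 93 and 111) hands a string to `match`, which is interpreted as a regular expression, and the body it checks appears to come from the one-line test view further down the page that prints only the provider id. The removed assertions matched on `auth/saml/#{provider_id}`, so the replacement no longer verifies which endpoint the login form targets. `expect(last_response.body).to include(provider_id)` states the literal intent, and an assertion on the form action against the real view would restore the lost coverage. The new hosted-login example also picks `redirect_uri` with `.sample`, so a failure tied to one registered URI will not reproduce reliably; a fixed element such as `client.redirect_uri_values.first` avoids that.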
data/spec/spec_helper.rb
CHANGED
@@ -0,0 +1 @@
|
|
1
|
+
HOSTED LOGIN
|
@@ -0,0 +1 @@
|
|
1
|
+
<%= @providers.first.id %>
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: osso
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0
|
4
|
+
version: 0.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sam Bauch
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-01-26 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -108,6 +108,20 @@ dependencies:
|
|
108
108
|
- - ">="
|
109
109
|
- !ruby/object:Gem::Version
|
110
110
|
version: '0'
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: posthog-ruby
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - ">="
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '0'
|
118
|
+
type: :runtime
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - ">="
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '0'
|
111
125
|
- !ruby/object:Gem::Dependency
|
112
126
|
name: rack
|
113
127
|
requirement: !ruby/object:Gem::Requirement
|
@@ -150,6 +164,20 @@ dependencies:
|
|
150
164
|
- - ">="
|
151
165
|
- !ruby/object:Gem::Version
|
152
166
|
version: '0'
|
167
|
+
- !ruby/object:Gem::Dependency
|
168
|
+
name: rack-protection
|
169
|
+
requirement: !ruby/object:Gem::Requirement
|
170
|
+
requirements:
|
171
|
+
- - "~>"
|
172
|
+
- !ruby/object:Gem::Version
|
173
|
+
version: 2.1.0
|
174
|
+
type: :runtime
|
175
|
+
prerelease: false
|
176
|
+
version_requirements: !ruby/object:Gem::Requirement
|
177
|
+
requirements:
|
178
|
+
- - "~>"
|
179
|
+
- !ruby/object:Gem::Version
|
180
|
+
version: 2.1.0
|
153
181
|
- !ruby/object:Gem::Dependency
|
154
182
|
name: rake
|
155
183
|
requirement: !ruby/object:Gem::Requirement
|
@@ -170,28 +198,28 @@ dependencies:
|
|
170
198
|
requirements:
|
171
199
|
- - "~>"
|
172
200
|
- !ruby/object:Gem::Version
|
173
|
-
version: 2.
|
201
|
+
version: '2.9'
|
174
202
|
type: :runtime
|
175
203
|
prerelease: false
|
176
204
|
version_requirements: !ruby/object:Gem::Requirement
|
177
205
|
requirements:
|
178
206
|
- - "~>"
|
179
207
|
- !ruby/object:Gem::Version
|
180
|
-
version: 2.
|
208
|
+
version: '2.9'
|
181
209
|
- !ruby/object:Gem::Dependency
|
182
210
|
name: sequel
|
183
211
|
requirement: !ruby/object:Gem::Requirement
|
184
212
|
requirements:
|
185
213
|
- - "~>"
|
186
214
|
- !ruby/object:Gem::Version
|
187
|
-
version: 5.
|
215
|
+
version: '5.40'
|
188
216
|
type: :runtime
|
189
217
|
prerelease: false
|
190
218
|
version_requirements: !ruby/object:Gem::Requirement
|
191
219
|
requirements:
|
192
220
|
- - "~>"
|
193
221
|
- !ruby/object:Gem::Version
|
194
|
-
version: 5.
|
222
|
+
version: '5.40'
|
195
223
|
- !ruby/object:Gem::Dependency
|
196
224
|
name: sequel-activerecord_connection
|
197
225
|
requirement: !ruby/object:Gem::Requirement
|
@@ -232,14 +260,14 @@ dependencies:
|
|
232
260
|
requirements:
|
233
261
|
- - ">="
|
234
262
|
- !ruby/object:Gem::Version
|
235
|
-
version:
|
263
|
+
version: 2.0.22
|
236
264
|
type: :runtime
|
237
265
|
prerelease: false
|
238
266
|
version_requirements: !ruby/object:Gem::Requirement
|
239
267
|
requirements:
|
240
268
|
- - ">="
|
241
269
|
- !ruby/object:Gem::Version
|
242
|
-
version:
|
270
|
+
version: 2.0.22
|
243
271
|
- !ruby/object:Gem::Dependency
|
244
272
|
name: sinatra-contrib
|
245
273
|
requirement: !ruby/object:Gem::Requirement
|
@@ -358,6 +386,7 @@ files:
|
|
358
386
|
- lib/osso/db/migrate/20201109160851_add_sso_issuer_to_identity_providers.rb
|
359
387
|
- lib/osso/db/migrate/20201110190754_remove_oauth_client_id_from_enterprise_accounts.rb
|
360
388
|
- lib/osso/db/migrate/20201112160120_add_ping_to_identity_provider_service_enum.rb
|
389
|
+
- lib/osso/db/migrate/20201125143501_add_salesforce_to_provider_service_enum.rb
|
361
390
|
- lib/osso/error/account_configuration_error.rb
|
362
391
|
- lib/osso/error/error.rb
|
363
392
|
- lib/osso/error/missing_saml_attribute_error.rb
|
@@ -400,6 +429,7 @@ files:
|
|
400
429
|
- lib/osso/graphql/types/oauth_client.rb
|
401
430
|
- lib/osso/graphql/types/redirect_uri.rb
|
402
431
|
- lib/osso/graphql/types/redirect_uri_input.rb
|
432
|
+
- lib/osso/lib/analytics.rb
|
403
433
|
- lib/osso/lib/app_config.rb
|
404
434
|
- lib/osso/lib/oauth2_token.rb
|
405
435
|
- lib/osso/lib/route_map.rb
|
@@ -448,7 +478,6 @@ files:
|
|
448
478
|
- spec/models/enterprise_account_spec.rb
|
449
479
|
- spec/models/identity_provider_spec.rb
|
450
480
|
- spec/routes/admin_spec.rb
|
451
|
-
- spec/routes/app_spec.rb
|
452
481
|
- spec/routes/auth_spec.rb
|
453
482
|
- spec/routes/oauth_spec.rb
|
454
483
|
- spec/spec_helper.rb
|
@@ -456,8 +485,10 @@ files:
|
|
456
485
|
- spec/support/spec_app.rb
|
457
486
|
- spec/support/views/admin.erb
|
458
487
|
- spec/support/views/error.erb
|
488
|
+
- spec/support/views/hosted_login.erb
|
459
489
|
- spec/support/views/layout.erb
|
460
490
|
- spec/support/views/multiple_providers.erb
|
491
|
+
- spec/support/views/saml_login_form.erb
|
461
492
|
homepage: https://github.com/enterprise-oss/osso-rb
|
462
493
|
licenses:
|
463
494
|
- MIT
|