RubyGems - osso - Versions diffs - 0.0.8 → 0.1.2 - Mend

osso 0.0.8 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

checksums.yaml +4 -4
data/.buildkite/pipeline.yml +1 -0
data/.rubocop.yml +4 -16
data/Gemfile +2 -2
data/Gemfile.lock +60 -55
data/Rakefile +1 -0
data/bin/console +3 -0
data/db/schema.rb +4 -4
data/lib/osso.rb +1 -0
data/lib/osso/db/migrate/20210201220556_add_generic_saml_to_provider_service_enum.rb +28 -0
data/lib/osso/graphql/mutations/configure_identity_provider.rb +4 -1
data/lib/osso/graphql/mutations/create_enterprise_account.rb +4 -1
data/lib/osso/graphql/mutations/create_identity_provider.rb +8 -3
data/lib/osso/graphql/mutations/create_oauth_client.rb +4 -1
data/lib/osso/graphql/mutations/delete_enterprise_account.rb +4 -1
data/lib/osso/graphql/mutations/delete_identity_provider.rb +4 -1
data/lib/osso/graphql/mutations/delete_oauth_client.rb +4 -1
data/lib/osso/graphql/mutations/invite_admin_user.rb +6 -0
data/lib/osso/graphql/mutations/regenerate_oauth_credentials.rb +10 -1
data/lib/osso/graphql/mutations/set_redirect_uris.rb +2 -0
data/lib/osso/graphql/mutations/update_app_config.rb +4 -1
data/lib/osso/graphql/query.rb +26 -31
data/lib/osso/graphql/schema.rb +0 -1
data/lib/osso/graphql/types/identity_provider_service.rb +1 -0
data/lib/osso/lib/analytics.rb +55 -0
data/lib/osso/lib/route_map.rb +2 -0
data/lib/osso/models/account.rb +1 -1
data/lib/osso/models/identity_provider.rb +3 -3
data/lib/osso/routes/admin.rb +47 -5
data/lib/osso/routes/auth.rb +2 -0
data/lib/osso/routes/oauth.rb +1 -1
data/lib/osso/version.rb +1 -1
data/lib/tasks/bootstrap.rake +6 -4
data/osso-rb.gemspec +5 -3
data/spec/graphql/mutations/create_identity_provider_spec.rb +1 -1
data/spec/models/identity_provider_spec.rb +1 -1
data/spec/routes/admin_spec.rb +54 -9
data/spec/routes/auth_spec.rb +5 -3
data/spec/routes/oauth_spec.rb +7 -13
data/spec/spec_helper.rb +2 -0
data/spec/support/views/saml_login_form.erb +1 -0
metadata +39 -15
data/spec/routes/app_spec.rb +0 -6

data/spec/graphql/mutations/create_identity_provider_spec.rb CHANGED Viewed

@@ -91,7 +91,7 @@ describe Osso::GraphQL::Schema do
               },
           }
         end
         it 'creates an identity provider' do
           expect { subject }.to change { enterprise_account.identity_providers.count }.by(1)
           expect(subject.dig('data', 'createIdentityProvider', 'identityProvider', 'domain')).

data/spec/models/identity_provider_spec.rb CHANGED Viewed

@@ -66,7 +66,7 @@ describe Osso::Models::IdentityProvider do
           idp_cert: subject.sso_cert,
           idp_sso_target_url: subject.sso_url,
           issuer: subject.sso_issuer,
-          name_identifier_format: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
+          name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
         )
     end
   end

data/spec/routes/admin_spec.rb CHANGED Viewed

@@ -4,23 +4,68 @@ require 'spec_helper'
 describe Osso::Admin do
   describe 'get /admin' do
-    it 'redirects to /login without a session' do
+    it 'renders the admin layout' do
       get('/admin')
-      expect(last_response).to be_redirect
-      follow_redirect!
-      expect(last_request.url).to match('/login')
+      expect(last_response).to be_ok
     end
+  end
-    xit 'renders the admin page for a valid session token' do
-      password = SecureRandom.urlsafe_base64(16)
-      account = create(:verified_account, password: password)
+  describe 'post /graphql' do
+    let(:account) { create(:account) }
-      post('/login', { email: account.email, password: password })
+    it 'runs a GraphQL query with a valid jwt' do
+      allow_any_instance_of(described_class.rodauth).to receive(:logged_in?).and_return(true)
+      allow(Osso::Models::Account).to receive(:find).and_return(account)
+      allow(Osso::GraphQL::Schema).to receive(:execute).and_return({ graphql: true })
-      get('/admin')
+      header 'Content-Type', 'application/json'
+      post('/graphql')
+      expect(last_response).to be_ok
+      expect(last_json_response).to eq({ graphql: true })
+    end
+    it 'returns a 400 for an invalid jwt' do
+      header 'Content-Type', 'application/json'
+      header 'Authorization', 'Bearer bad-token'
+      post('/graphql')
+      expect(last_response.status).to eq 400
+    end
+    it 'returns a 401 without a jwt' do
+      header 'Content-Type', 'application/json'
+      post('/graphql')
+      expect(last_response.status).to eq 401
+    end
+  end
+  describe 'post /idp' do
+    let(:domain) { Faker::Internet.domain_name }
+    before do
+      create(:configured_identity_provider, domain: domain)
+    end
+    it 'returns true when an available IDP is found' do
+      header 'Content-Type', 'application/json'
+      header 'Accept', 'application/json'
+      post('/idp', { domain: domain }.to_json)
+      expect(last_response).to be_ok
+      expect(last_json_response).to eq({ onboarded: true })
+    end
+    it 'returns false when an available IDP is not found' do
+      header 'Content-Type', 'application/json'
+      header 'Accept', 'application/json'
+      post('/idp', { domain: domain.reverse}.to_json)
       expect(last_response).to be_ok
+      expect(last_json_response).to eq({ onboarded: false })
     end
   end
 end

data/spec/routes/auth_spec.rb CHANGED Viewed

@@ -6,12 +6,13 @@ describe Osso::Auth do
   before do
     described_class.set(:views, spec_views)
   end
-  describe 'get /auth/saml/:uuid' do
+  describe 'post /auth/saml/:uuid' do
     describe 'for an Okta SAML provider' do
       let(:enterprise) { create(:enterprise_with_okta) }
       let(:okta_provider) { enterprise.identity_providers.first }
       it 'uses omniauth saml' do
-        get("/auth/saml/#{okta_provider.id}")
+        post("/auth/saml/#{okta_provider.id}")
         expect(last_response).to be_redirect
         follow_redirect!
@@ -23,7 +24,7 @@ describe Osso::Auth do
       let(:enterprise) { create(:enterprise_with_okta) }
       let(:azure_provider) { enterprise.identity_providers.first }
       it 'uses omniauth saml' do
-        get("/auth/saml/#{azure_provider.id}")
+        post("/auth/saml/#{azure_provider.id}")
         expect(last_response).to be_redirect
         follow_redirect!
@@ -31,6 +32,7 @@ describe Osso::Auth do
       end
     end
   end
   describe 'post /auth/saml/:uuid/callback' do
     describe 'for an Okta SAML provider' do
       let(:enterprise) { create(:enterprise_with_okta) }

data/spec/routes/oauth_spec.rb CHANGED Viewed

@@ -28,7 +28,7 @@ describe Osso::Oauth do
       end
       describe 'for a request without email or domain' do
-        it 'redirects to /auth/saml/:provider_id' do
+        it 'renders the hosted login page' do
           get(
             '/oauth/authorize',
             client_id: client.identifier,
@@ -42,7 +42,7 @@ describe Osso::Oauth do
       end
       describe 'for an enterprise domain with one SAML provider' do
-        it 'redirects to /auth/saml/:provider_id' do
+        it 'renders the saml login form' do
           enterprise = create(:enterprise_with_okta, oauth_client: client)
           get(
@@ -55,9 +55,7 @@ describe Osso::Oauth do
           provider_id = enterprise.identity_providers.first.id
-          expect(last_response).to be_redirect
-          follow_redirect!
-          expect(last_request.url).to match("auth/saml/#{provider_id}")
+          expect(last_response.body).to match(provider_id)
         end
       end
@@ -79,7 +77,7 @@ describe Osso::Oauth do
       end
       describe "for an existing user's email address" do
-        it 'redirects to /auth/saml/:provider_id' do
+        it 'renders the saml login form' do
           enterprise = create(:enterprise_with_okta, oauth_client: client)
           provider_id = enterprise.identity_providers.first.id
           user = create(:user, email: "user@#{enterprise.domain}", identity_provider_id: provider_id)
@@ -92,14 +90,12 @@ describe Osso::Oauth do
             redirect_uri: client.redirect_uri_values.sample,
           )
-          expect(last_response).to be_redirect
-          follow_redirect!
-          expect(last_request.url).to match("auth/saml/#{provider_id}")
+          expect(last_response.body).to match(provider_id)
         end
       end
       describe "for a new user's email address belonging to an enterprise with one SAML provider" do
-        it 'redirects to /auth/saml/:provider_id' do
+        it 'renders the saml login form' do
           enterprise = create(:enterprise_with_okta, oauth_client: client)
           get(
@@ -112,9 +108,7 @@ describe Osso::Oauth do
           provider_id = enterprise.identity_providers.first.id
-          expect(last_response).to be_redirect
-          follow_redirect!
-          expect(last_request.url).to match("auth/saml/#{provider_id}")
+          expect(last_response.body).to match(provider_id)
         end
       end

data/spec/spec_helper.rb CHANGED Viewed

@@ -80,5 +80,7 @@ RSpec.configure do |config|
   OmniAuth.config.test_mode = true
   OmniAuth.config.logger = Logger.new('/dev/null')
+  OmniAuth.config.request_validation_phase = proc {}
   WebMock.disable_net_connect!(allow_localhost: true)
 end

data/spec/support/views/saml_login_form.erb ADDED Viewed

	@@ -0,0 +1 @@
1	+ <%= @providers.first.id %>

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: osso
 version: !ruby/object:Gem::Version
-  version: 0.0.8
+  version: 0.1.2
 platform: ruby
 authors:
 - Sam Bauch
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-12-11 00:00:00.000000000 Z
+date: 2021-02-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -108,6 +108,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: posthog-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -150,6 +164,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-protection
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.1.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -170,32 +198,26 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.6.0
+        version: '2.9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.6.0
+        version: '2.9'
 - !ruby/object:Gem::Dependency
   name: sequel
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '5.37'
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '5.40'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '5.37'
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '5.40'
 - !ruby/object:Gem::Dependency
@@ -238,14 +260,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.0.22
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.0.22
 - !ruby/object:Gem::Dependency
   name: sinatra-contrib
   requirement: !ruby/object:Gem::Requirement
@@ -365,6 +387,7 @@ files:
 - lib/osso/db/migrate/20201110190754_remove_oauth_client_id_from_enterprise_accounts.rb
 - lib/osso/db/migrate/20201112160120_add_ping_to_identity_provider_service_enum.rb
 - lib/osso/db/migrate/20201125143501_add_salesforce_to_provider_service_enum.rb
+- lib/osso/db/migrate/20210201220556_add_generic_saml_to_provider_service_enum.rb
 - lib/osso/error/account_configuration_error.rb
 - lib/osso/error/error.rb
 - lib/osso/error/missing_saml_attribute_error.rb
@@ -407,6 +430,7 @@ files:
 - lib/osso/graphql/types/oauth_client.rb
 - lib/osso/graphql/types/redirect_uri.rb
 - lib/osso/graphql/types/redirect_uri_input.rb
+- lib/osso/lib/analytics.rb
 - lib/osso/lib/app_config.rb
 - lib/osso/lib/oauth2_token.rb
 - lib/osso/lib/route_map.rb
@@ -455,7 +479,6 @@ files:
 - spec/models/enterprise_account_spec.rb
 - spec/models/identity_provider_spec.rb
 - spec/routes/admin_spec.rb
-- spec/routes/app_spec.rb
 - spec/routes/auth_spec.rb
 - spec/routes/oauth_spec.rb
 - spec/spec_helper.rb
@@ -466,6 +489,7 @@ files:
 - spec/support/views/hosted_login.erb
 - spec/support/views/layout.erb
 - spec/support/views/multiple_providers.erb
+- spec/support/views/saml_login_form.erb
 homepage: https://github.com/enterprise-oss/osso-rb
 licenses:
 - MIT

data/spec/routes/app_spec.rb DELETED Viewed

@@ -1,6 +0,0 @@
-# frozen_string_literal: true
-require 'spec_helper'
-describe 'App' do
-end