osso 0.0.3.11 → 0.0.3.12

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ffe9bf4e6f4de963af60c998d318a471e1ff3e33ef5a6c544c8923de762020bc
-  data.tar.gz: a994f84634c584268e517688ec62b61315da4fa1ab2ea05787305b34deb964f5
+  metadata.gz: 3ad3a661abfa7e2251cf7244221ad6e28899c490b732e6c9098f5bf91c903c4e
+  data.tar.gz: 3a691f8537a801d2b7302ac3f34e5ea5b74aae9a60fea18470ac50ec5569ec96
 SHA512:
-  metadata.gz: 6c4e301385bb83a8ca5f7d66e4a3b3383c7ea3f58f395dc83e1cbadadb2a6896e1852ed787ae9a33a37a2871c3d5c28e5f33e072b7980ad904f958e95b4addb8
-  data.tar.gz: 8529f13cc30d05946b7fa798b117483dd20b9415d27b6caccecfff228a666b73bfd1f36ceb7e19d7977803159a56aff0eca9075cb380fe7fde3ce560a1847217
+  metadata.gz: 35d25337aff8ad4fd8b6d49d34e20226f61725c8a437da30f70cb393a9078b988a4d10847911d0da10ba34f4940488c059829448c006723a5bafc6187a8c5576
+  data.tar.gz: 8011819d4ac2c59f0b8fc37470cfd9b2357f9bfeda12e6e4ea1f07c691beba99c2d409b8a2356eb7917edd02c7ae7beaf72860fa70bd3bf31ea5fc4eb6aded79

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    osso (0.0.3.11)
+    osso (0.0.3.12)
       activesupport (>= 6.0.3.2)
       graphql
       jwt

data/lib/osso/graphql/mutation.rb

@@ -6,12 +6,16 @@ module Osso
   module GraphQL
     module Types
       class MutationType < BaseObject
+        field :add_redirect_uris_to_oauth_client, mutation: Mutations::AddRedirectUrisToOauthClient, null: false
         field :configure_identity_provider, mutation: Mutations::ConfigureIdentityProvider, null: true
         field :create_identity_provider, mutation: Mutations::CreateIdentityProvider
         field :create_enterprise_account, mutation: Mutations::CreateEnterpriseAccount
         field :create_oauth_client, mutation: Mutations::CreateOauthClient
         field :delete_enterprise_account, mutation: Mutations::DeleteEnterpriseAccount
         field :delete_oauth_client, mutation: Mutations::DeleteOauthClient
+        field :delete_redirect_uri, mutation: Mutations::DeleteRedirectUri
+        field :mark_redirect_uri_primary, mutation: Mutations::MarkRedirectUriPrimary
+        field :regenerate_oauth_credentials, mutation: Mutations::RegenerateOauthCredentials
       end
     end
   end

data/lib/osso/graphql/mutations.rb

@@ -6,9 +6,13 @@ module Osso
 end
 
 require_relative 'mutations/base_mutation'
+require_relative 'mutations/add_redirect_uris_to_oauth_client'
 require_relative 'mutations/configure_identity_provider'
 require_relative 'mutations/create_identity_provider'
 require_relative 'mutations/create_enterprise_account'
 require_relative 'mutations/create_oauth_client'
 require_relative 'mutations/delete_enterprise_account'
 require_relative 'mutations/delete_oauth_client'
+require_relative 'mutations/delete_redirect_uri'
+require_relative 'mutations/mark_redirect_uri_primary'
+require_relative 'mutations/regenerate_oauth_credentials'

data/lib/osso/graphql/mutations/add_redirect_uris_to_oauth_client.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Mutations
+      class AddRedirectUrisToOauthClient < BaseMutation
+        null false
+
+        argument :oauth_client_id, ID, required: true
+        argument :uris, [String], required: true
+
+        field :oauth_client, Types::OauthClient, null: true
+        field :errors, [String], null: false
+
+        def resolve(oauth_client_id:, uris:)
+          oauth_client = Osso::Models::OauthClient.find(oauth_client_id)
+
+          uris.each do |uri|
+            oauth_client.redirect_uris.create(uri: uri)
+          end
+
+          unless oauth_client.primary_redirect_uri
+            oauth_client.reload.redirect_uris.first.update(primary: true)
+          end
+
+          response_data(oauth_client: oauth_client.reload)
+        rescue StandardError => e
+          response_error(errors: e.message)
+        end
+
+        def ready?(*)
+          return true if context[:scope] == :admin
+
+          raise ::GraphQL::ExecutionError, 'Only admin users may mutate OauthClients'
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/mutations/delete_redirect_uri.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Mutations
+      class DeleteRedirectUri < BaseMutation
+        null false
+
+        argument :id, ID, required: true
+
+        field :oauth_client, Types::OauthClient, null: true
+        field :errors, [String], null: false
+
+        def resolve(id:)
+          redirect_uri = Osso::Models::RedirectUri.find(id)
+
+          oauth_client = redirect_uri.oauth_client
+
+          redirect_uri.destroy
+
+          if redirect_uri.primary
+            oauth_client.redirect_uris.first&.update(primary: true)
+          end
+
+          return response_data(oauth_client: oauth_client.reload) if redirect_uri.destroy
+
+          response_error(errors: redirect_uri.errors.full_messages)
+        end
+
+        def ready?(*)
+          return true if context[:scope] == :admin
+
+          raise ::GraphQL::ExecutionError, 'Only admin users may mutate OauthClients'
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/mutations/mark_redirect_uri_primary.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Mutations
+      class MarkRedirectUriPrimary < BaseMutation
+        null false
+
+        argument :id, ID, required: true
+
+        field :oauth_client, Types::OauthClient, null: true
+        field :errors, [String], null: false
+
+        def resolve(id:)
+          redirect_uri = Osso::Models::RedirectUri.find(id)
+          oauth_client = redirect_uri.oauth_client
+
+          oauth_client.redirect_uris.update(primary: false)
+          redirect_uri.update(primary: true)
+
+          response_data(oauth_client: oauth_client.reload)
+        rescue StandardError => e
+          response_error(errors: e.message)
+        end
+
+        def ready?(*)
+          return true if context[:scope] == :admin
+
+          raise ::GraphQL::ExecutionError, 'Only admin users may mutate OauthClients'
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/mutations/regenerate_oauth_credentials.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Mutations
+      class RegenerateOauthCredentials < BaseMutation
+        null false
+
+        argument :id, ID, required: true
+
+        field :oauth_client, Types::OauthClient, null: false
+        field :errors, [String], null: false
+
+        def resolve(id:)
+          oauth_client = Osso::Models::OauthClient.find(id)
+          oauth_client.generate_secrets
+          
+          return response_data(oauth_client: oauth_client) if oauth_client.save
+        
+          response_error(errors: oauth_client.errors.full_messages)
+        end
+
+        def ready?(*)
+          return true if context[:scope] == :admin
+
+          raise ::GraphQL::ExecutionError, 'Only admin users may mutate OauthClients'
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/query.rb

@@ -8,12 +8,13 @@ module Osso
           argument :sort_column, String, required: false
           argument :sort_order, String, required: false
         end
-        field :oauth_clients, null: true, resolver: Resolvers::OAuthClients
 
         field :enterprise_account, null: true, resolver: Resolvers::EnterpriseAccount do
           argument :domain, String, required: true
         end
 
+        field :oauth_clients, null: true, resolver: Resolvers::OAuthClients
+
         field(
           :identity_provider,
           Types::IdentityProvider,
@@ -22,6 +23,15 @@ module Osso
         ) do
           argument :id, ID, required: true
         end
+
+        field(
+          :oauth_client,
+          Types::OauthClient,
+          null: true,
+          resolve: ->(_obj, args, _context) { Osso::Models::OauthClient.find(args[:id]) },
+        ) do
+          argument :id, ID, required: true
+        end
       end
     end
   end

data/lib/osso/graphql/types.rb

@@ -13,5 +13,6 @@ require_relative 'types/identity_provider_service'
 require_relative 'types/identity_provider_status'
 require_relative 'types/identity_provider'
 require_relative 'types/enterprise_account'
+require_relative 'types/redirect_uri'
 require_relative 'types/oauth_client'
 require_relative 'types/user'

data/lib/osso/graphql/types/oauth_client.rb

@@ -14,6 +14,7 @@ module Osso
         field :name, String, null: false
         field :client_id, String, null: false
         field :client_secret, String, null: false
+        field :redirect_uris, [Types::RedirectUri], null: true
 
         def client_id
           object.identifier

data/lib/osso/graphql/types/redirect_uri.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'graphql'
+
+module Osso
+  module GraphQL
+    module Types
+      class RedirectUri < Types::BaseObject
+        description 'An allowed redirect URI for an OauthClient'
+        implements ::GraphQL::Types::Relay::Node
+
+        global_id_field :gid
+        field :id, ID, null: false
+        field :uri, String, null: false
+        field :primary, Boolean, null: false
+
+        def self.authorized?(object, context)
+          super && context[:scope] == :admin
+        end
+      end
+    end
+  end
+end

data/lib/osso/helpers/auth.rb

@@ -14,6 +14,8 @@ module Osso
         redirect ENV['JWT_URL']
       end
 
+      # use client id in payload to restrict customer
+      # users from accessing dev?
       def enterprise_authorized?(_domain)
         payload, _args = decode(token)
 

data/lib/osso/models/oauth_client.rb

@@ -9,21 +9,15 @@ module Osso
       has_many :identity_providers
       has_many :redirect_uris
 
-      before_validation :setup, on: :create
+      before_validation :generate_secrets, on: :create
       validates :name, :secret, presence: true
       validates :identifier, presence: true, uniqueness: true
 
-      def default_redirect_uri
+      def primary_redirect_uri
         redirect_uris.find(&:primary)
       end
 
-      def redirect_uri_values
-        redirect_uris.map(&:uri)
-      end
-
-      private
-
-      def setup
+      def generate_secrets
         self.identifier = SecureRandom.hex(16)
         self.secret = SecureRandom.hex(32)
       end

data/lib/osso/routes/admin.rb

@@ -36,6 +36,12 @@ module Osso
 
         erb :admin
       end
+
+      get '/config/:id' do
+        admin_protected!
+
+        erb :admin
+      end
     end
   end
 end

data/lib/osso/routes/auth.rb

@@ -23,7 +23,7 @@ module Osso
         self,
         provider_name: 'saml',
         identity_provider_id_regex: UUID_REGEXP,
-        path_prefix: '/saml',
+        path_prefix: '/auth/saml',
         callback_suffix: 'callback',
       ) do |identity_provider_id, _env|
         provider = Models::IdentityProvider.find(identity_provider_id)

data/lib/osso/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Osso
-  VERSION = '0.0.3.11'
+  VERSION = '0.0.3.12'
 end

data/spec/routes/auth_spec.rb

@@ -3,6 +3,31 @@
 require 'spec_helper'
 
 describe Osso::Auth do
+  describe 'get /auth/saml/:uuid' do
+    describe 'for an Okta SAML provider' do
+      let(:enterprise) { create(:enterprise_with_okta) }
+      let(:okta_provider) { enterprise.identity_providers.first }
+      it 'uses omniauth saml' do
+        get("/auth/saml/#{okta_provider.id}")
+
+        expect(last_response).to be_redirect
+        follow_redirect!
+        expect(last_request.url).to match("auth/saml/#{okta_provider.id}")
+      end
+    end
+
+    describe 'for an Azure SAML provider' do
+      let(:enterprise) { create(:enterprise_with_okta) }
+      let(:azure_provider) { enterprise.identity_providers.first }
+      it 'uses omniauth saml' do
+        get("/auth/saml/#{azure_provider.id}")
+
+        expect(last_response).to be_redirect
+        follow_redirect!
+        expect(last_request.url).to match("auth/saml/#{azure_provider.id}")
+      end
+    end
+  end
   describe 'post /auth/saml/:uuid/callback' do
     describe 'for an Okta SAML provider' do
       let(:enterprise) { create(:enterprise_with_okta) }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: osso
 version: !ruby/object:Gem::Version
-  version: 0.0.3.11
+  version: 0.0.3.12
 platform: ruby
 authors:
 - Sam Bauch
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-07-27 00:00:00.000000000 Z
+date: 2020-08-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -271,6 +271,7 @@ files:
 - lib/osso/graphql/.DS_Store
 - lib/osso/graphql/mutation.rb
 - lib/osso/graphql/mutations.rb
+- lib/osso/graphql/mutations/add_redirect_uris_to_oauth_client.rb
 - lib/osso/graphql/mutations/base_mutation.rb
 - lib/osso/graphql/mutations/configure_identity_provider.rb
 - lib/osso/graphql/mutations/create_enterprise_account.rb
@@ -278,6 +279,9 @@ files:
 - lib/osso/graphql/mutations/create_oauth_client.rb
 - lib/osso/graphql/mutations/delete_enterprise_account.rb
 - lib/osso/graphql/mutations/delete_oauth_client.rb
+- lib/osso/graphql/mutations/delete_redirect_uri.rb
+- lib/osso/graphql/mutations/mark_redirect_uri_primary.rb
+- lib/osso/graphql/mutations/regenerate_oauth_credentials.rb
 - lib/osso/graphql/query.rb
 - lib/osso/graphql/resolvers.rb
 - lib/osso/graphql/resolvers/enterprise_account.rb
@@ -294,6 +298,7 @@ files:
 - lib/osso/graphql/types/identity_provider_service.rb
 - lib/osso/graphql/types/identity_provider_status.rb
 - lib/osso/graphql/types/oauth_client.rb
+- lib/osso/graphql/types/redirect_uri.rb
 - lib/osso/graphql/types/user.rb
 - lib/osso/helpers/auth.rb
 - lib/osso/helpers/helpers.rb