osso 0.0.3.4 → 0.0.3.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7da5a91a5eda62f96a11772d72afc0e1477e586218233466d2dcd37a89e2aabf
-  data.tar.gz: 839e333e245142b6fc29738242293f205bae28a4e768e9f35b87d0572708f9f4
+  metadata.gz: abe7c30a149dfc3e0b0c457317b07065503bb551e1b93bd9e2a98443460eb426
+  data.tar.gz: 41b7772e2a15c6507104b3ceb4922db9b72f9071ac5d0763bb51334bce324a83
 SHA512:
-  metadata.gz: 8ede35265fed16afeb20d28608c8b74053ed5e5f11e6a393df87395f5d0ec30f7a58a84834a99bd6c8a16cbe21eaee5f22a4fdec4c0bbf3a7e5d49a760b53f85
-  data.tar.gz: 3c37e0256ee1758ce915c25ce3d7b83e070ef2cadba85c41649c13b3ede1fa0371eeb10757ce990e47a8669edc3b65424749cf62b5fa8d46f21a132285302e08
+  metadata.gz: 90647d30bd113058d75d2e958ac6f116fa26a5e1262460795adbeb438e99dc3fe93ab57610dd705c1ca07a3daf7fb52eba1f651e47979fbc8494ca159cfe8712
+  data.tar.gz: 7922ea24bdfff89d21e3f615e8decc4b88c6f672512f5fb04405061c09a178bbe6ab10addec9cd75969e1cec774441d235715c8b4ab631da7bb42a3bd25d8027

data/.buildkite/pipeline.yml

@@ -1,3 +1,3 @@
 steps:
   - name: ":rspec:"
-    command: "bundle install --path vendor/bundle --with development test && RACK_ENV=test bundle exec rake db:migrate && bundle exec rspec"
+    command: "bundle install --path vendor/bundle --with development test && RACK_ENV=test bundle exec rake db:migrate && bundle exec rspec"

data/.rubocop.yml

@@ -1,8 +1,7 @@
 AllCops:
   Exclude:
-    - client/**/*
     - db/**/*
-    - node_modules/**/*
+    - lib/osso/db/**/*
 
 # New rules must be explicitly opted into / out of
 Lint/RaiseException:

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    osso (0.0.3.4)
+    osso (0.0.3.5)
       activesupport (>= 6.0.3.2)
       graphql
       jwt

data/bin/console

@@ -1,7 +1,8 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
-require "bundler/setup"
-require "osso"
+require 'bundler/setup'
+require 'osso'
 
-require "irb"
+require 'irb'
 IRB.start(__FILE__)

data/lib/osso.rb

@@ -4,6 +4,7 @@ module Osso
   require_relative 'osso/helpers/helpers'
   require_relative 'osso/lib/app_config'
   require_relative 'osso/lib/oauth2_token'
+  require_relative 'osso/lib/route_map'
   require_relative 'osso/models/models'
   require_relative 'osso/routes/routes'
   require_relative 'osso/graphql/schema'

data/lib/osso/graphql/mutations.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 module Osso
   module Mutations
   end

data/lib/osso/graphql/types/identity_provider_service.rb

@@ -9,4 +9,4 @@ module Osso
       end
     end
   end
-end
+end

data/lib/osso/helpers/auth.rb

@@ -4,15 +4,17 @@ module Osso
   module Helpers
     module Auth
       attr_accessor :current_scope
-      
+
       def enterprise_protected!(domain = nil)
         return if admin_authorized?
         return if enterprise_authorized?(domain)
 
+        halt 401 if request.post?
+
         redirect ENV['JWT_URL']
       end
 
-      def enterprise_authorized?(domain)
+      def enterprise_authorized?(_domain)
         payload, _args = JWT.decode(
           token,
           ENV['JWT_HMAC_SECRET'],
@@ -66,4 +68,4 @@ module Osso
       end
     end
   end
-end
+end

data/lib/osso/lib/route_map.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+# rubocop:disable Metrics/MethodLength
+
+module Osso
+  module RouteMap
+    def self.included(klass)
+      klass.class_eval do
+        use Osso::Admin
+        use Osso::Auth
+        use Osso::Oauth
+
+        post '/graphql' do
+          enterprise_protected!
+
+          result = Osso::GraphQL::Schema.execute(
+            params[:query],
+            variables: params[:variables],
+            context: { scope: current_scope },
+          )
+
+          json result
+        end
+      end
+    end
+  end
+end
+# rubocop:enable Metrics/MethodLength

data/lib/osso/models/oauth_client.rb

@@ -29,4 +29,4 @@ module Osso
       end
     end
   end
-end
+end

data/lib/osso/models/saml_providers/azure_saml_provider.rb

@@ -19,4 +19,4 @@ module Osso
       end
     end
   end
-end
+end

data/lib/osso/routes/admin.rb

@@ -6,33 +6,36 @@ module Osso
   class Admin < Sinatra::Base
     include AppConfig
     helpers Helpers::Auth
+    register Sinatra::Namespace
 
     before do
       chomp_token
     end
 
-    get '/' do
-      admin_protected!
+    namespace '/admin' do
+      get '' do
+        admin_protected!
 
-      erb :admin
-    end
+        erb :admin
+      end
 
-    get '/enterprise' do
-      admin_protected!
+      get '/enterprise' do
+        admin_protected!
 
-      erb :admin
-    end
+        erb :admin
+      end
 
-    get '/enterprise/:domain' do
-      enterprise_protected!(params[:domain])
+      get '/enterprise/:domain' do
+        enterprise_protected!(params[:domain])
 
-      erb :admin
-    end
+        erb :admin
+      end
 
-    get '/config' do
-      admin_protected!
+      get '/config' do
+        admin_protected!
 
-      erb :admin
+        erb :admin
+      end
     end
   end
 end

data/lib/osso/routes/auth.rb

@@ -8,6 +8,7 @@ require 'omniauth-saml'
 module Osso
   class Auth < Sinatra::Base
     include AppConfig
+    register Sinatra::Namespace
 
     UUID_REGEXP =
       /[0-9a-f]{8}-[0-9a-f]{3,4}-[0-9a-f]{4}-[0-9a-f]{3,4}-[0-9a-f]{12}/.
@@ -30,35 +31,37 @@ module Osso
       end
     end
 
-    # Enterprise users are sent here after authenticating against
-    # their Identity Provider. We find or create a user record,
-    # and then create an authorization code for that user. The user
-    # is redirected back to your application with this code
-    # as a URL query param, which you then exhange for an access token
-    post '/saml/:id/callback' do
-      provider = Models::SamlProvider.find(params[:id])
-      oauth_client = provider.oauth_client
-      redirect_uri = env['redirect_uri'] || oauth_client.default_redirect_uri.uri
+    namespace '/auth' do
+      # Enterprise users are sent here after authenticating against
+      # their Identity Provider. We find or create a user record,
+      # and then create an authorization code for that user. The user
+      # is redirected back to your application with this code
+      # as a URL query param, which you then exhange for an access token
+      post '/saml/:id/callback' do
+        provider = Models::SamlProvider.find(params[:id])
+        oauth_client = provider.oauth_client
+        redirect_uri = env['redirect_uri'] || oauth_client.default_redirect_uri.uri
 
-      attributes = env['omniauth.auth']&.
-        extra&.
-        response_object&.
-        attributes
+        attributes = env['omniauth.auth']&.
+          extra&.
+          response_object&.
+          attributes
 
-      user = Models::User.where(
-        email: attributes[:email],
-        idp_id: attributes[:id],
-      ).first_or_create! do |new_user|
-        new_user.enterprise_account_id = provider.enterprise_account_id
-        new_user.saml_provider_id = provider.id
-      end
+        user = Models::User.where(
+          email: attributes[:email],
+          idp_id: attributes[:id],
+        ).first_or_create! do |new_user|
+          new_user.enterprise_account_id = provider.enterprise_account_id
+          new_user.saml_provider_id = provider.id
+        end
 
-      authorization_code = user.authorization_codes.create!(
-        oauth_client: oauth_client,
-        redirect_uri: redirect_uri,
-      )
+        authorization_code = user.authorization_codes.create!(
+          oauth_client: oauth_client,
+          redirect_uri: redirect_uri,
+        )
 
-      redirect(redirect_uri + "?code=#{CGI.escape(authorization_code.token)}&state=#{session[:oauth_state]}")
+        redirect(redirect_uri + "?code=#{CGI.escape(authorization_code.token)}&state=#{session[:oauth_state]}")
+      end
     end
   end
 end

data/lib/osso/routes/oauth.rb

@@ -5,54 +5,59 @@ require 'rack/oauth2'
 module Osso
   class Oauth < Sinatra::Base
     include AppConfig
-    # Send your users here in order to being an authentication
-    # flow. This flow follows the authorization grant oauth
-    # spec with one exception - you must also pass the domain
-    # of the user who wants to sign in.
-    get '/authorize' do
-      @enterprise = Models::EnterpriseAccount.
-        includes(:saml_providers).
-        find_by!(domain: params[:domain])
-
-      Rack::OAuth2::Server::Authorize.new do |req, _res|
-        client = Models::OauthClient.find_by!(identifier: req.client_id)
-        req.verify_redirect_uri!(client.redirect_uri_values)
-      end.call(env)
-
-      if @enterprise.single_provider?
-        session[:oauth_state] = params[:state]
-        redirect "/auth/saml/#{@enterprise.provider.id}"
+    register Sinatra::Namespace
+    # rubocop:disable Metrics/BlockLength
+    namespace '/oauth' do
+      # Send your users here in order to being an authentication
+      # flow. This flow follows the authorization grant oauth
+      # spec with one exception - you must also pass the domain
+      # of the user who wants to sign in.
+      get '/authorize' do
+        @enterprise = Models::EnterpriseAccount.
+          includes(:saml_providers).
+          find_by!(domain: params[:domain])
+
+        Rack::OAuth2::Server::Authorize.new do |req, _res|
+          client = Models::OauthClient.find_by!(identifier: req.client_id)
+          req.verify_redirect_uri!(client.redirect_uri_values)
+        end.call(env)
+
+        if @enterprise.single_provider?
+          session[:oauth_state] = params[:state]
+          redirect "/auth/saml/#{@enterprise.provider.id}"
+        end
+
+        # TODO: multiple provider support
+        # erb :multiple_providers
+
+      rescue Rack::OAuth2::Server::Authorize::BadRequest => e
+        @error = e
+        return erb :error
       end
 
-      # TODO: multiple provider support
-      # erb :multiple_providers
-
-    rescue Rack::OAuth2::Server::Authorize::BadRequest => e
-      @error = e
-      return erb :error
-    end
-
-    # Exchange an authorization code token for an access token.
-    # In addition to the token, you must include all paramaters
-    # required by Oauth spec: redirect_uri, client ID, and client secret
-    post '/token' do
-      Rack::OAuth2::Server::Token.new do |req, res|
-        code = Models::AuthorizationCode.
-          find_by_token!(params[:code])
-        client = Models::OauthClient.find_by!(identifier: req.client_id)
-        req.invalid_client! if client.secret != req.client_secret
-        req.invalid_grant! if code.redirect_uri != req.redirect_uri
-        res.access_token = code.access_token.to_bearer_token
-      end.call(env)
-    end
+      # Exchange an authorization code token for an access token.
+      # In addition to the token, you must include all paramaters
+      # required by Oauth spec: redirect_uri, client ID, and client secret
+      post '/token' do
+        Rack::OAuth2::Server::Token.new do |req, res|
+          code = Models::AuthorizationCode.
+            find_by_token!(params[:code])
+          client = Models::OauthClient.find_by!(identifier: req.client_id)
+          req.invalid_client! if client.secret != req.client_secret
+          req.invalid_grant! if code.redirect_uri != req.redirect_uri
+          res.access_token = code.access_token.to_bearer_token
+        end.call(env)
+      end
 
-    # Use the access token to request a user profile
-    get '/me' do
-      json Models::AccessToken.
-        includes(:user).
-        valid.
-        find_by_token!(params[:access_token]).
-        user
+      # Use the access token to request a user profile
+      get '/me' do
+        json Models::AccessToken.
+          includes(:user).
+          valid.
+          find_by_token!(params[:access_token]).
+          user
+      end
     end
   end
 end
+# rubocop:enable Metrics/BlockLength

data/lib/osso/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Osso
-  VERSION = '0.0.3.4'
+  VERSION = '0.0.3.5'
 end

data/osso-rb.gemspec

@@ -2,6 +2,7 @@
 
 require_relative 'lib/osso/version'
 
+# rubocop:disable Metrics/BlockLength
 Gem::Specification.new do |spec|
   spec.name          = 'osso'
   spec.version       = Osso::VERSION
@@ -30,12 +31,10 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'bundler', '~> 2.1'
   spec.add_development_dependency 'pry'
 
-  # Specify which files should be added to the gem when it is released.
-  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
   spec.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
   spec.files         = `git ls-files`.split("\n")
   spec.test_files    = `git ls-files -- {spec}/*`.split("\n")
   spec.bindir        = 'bin'
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 end
+# rubocop:enable Metrics/BlockLength

data/spec/routes/admin_spec.rb

@@ -25,7 +25,9 @@ describe Osso::Admin do
       get('/admin', token: SecureRandom.hex(32))
 
       expect(last_response).to be_redirect
+
       follow_redirect!
+
       expect(last_request.url).to eq(jwt_url)
     end
 

data/spec/spec_helper.rb

@@ -14,15 +14,13 @@ ENV['SESSION_SECRET'] = 'supersecret'
 
 require File.expand_path '../lib/osso.rb', __dir__
 
+require File.expand_path 'support/spec_app', __dir__
+
 module RSpecMixin
   include Rack::Test::Methods
 
   def app
-    Rack::URLMap.new(
-      '/admin' => Osso::Admin,
-      '/auth' => Osso::Auth,
-      '/oauth' => Osso::Oauth,
-    )
+    SpecApp
   end
 
   def mock_saml_omniauth(email: 'user@enterprise.com', id: SecureRandom.uuid)

data/spec/support/spec_app.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class SpecApp < Sinatra::Base
+  include Osso::RouteMap
+
+  get '/health' do
+    'ok'
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: osso
 version: !ruby/object:Gem::Version
-  version: 0.0.3.4
+  version: 0.0.3.5
 platform: ruby
 authors:
 - Sam Bauch
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-07-09 00:00:00.000000000 Z
+date: 2020-07-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -277,6 +277,7 @@ files:
 - lib/osso/helpers/helpers.rb
 - lib/osso/lib/app_config.rb
 - lib/osso/lib/oauth2_token.rb
+- lib/osso/lib/route_map.rb
 - lib/osso/models/access_token.rb
 - lib/osso/models/authorization_code.rb
 - lib/osso/models/enterprise_account.rb
@@ -311,6 +312,7 @@ files:
 - spec/routes/auth_spec.rb
 - spec/routes/oauth_spec.rb
 - spec/spec_helper.rb
+- spec/support/spec_app.rb
 - spec/support/views/admin.erb
 homepage: https://github.com/enterprise-oss/osso-rb
 licenses: