osso 0.0.3.5 → 0.0.3.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: abe7c30a149dfc3e0b0c457317b07065503bb551e1b93bd9e2a98443460eb426
-  data.tar.gz: 41b7772e2a15c6507104b3ceb4922db9b72f9071ac5d0763bb51334bce324a83
+  metadata.gz: f2d208f60074e354a988dd4f6d1e07409a8c5b9809371f2ab86e952c1cf52cb2
+  data.tar.gz: a113355db7bb066f7f87fea0bf8313bc7f60d628380abb8f334fc5de8e7e2d29
 SHA512:
-  metadata.gz: 90647d30bd113058d75d2e958ac6f116fa26a5e1262460795adbeb438e99dc3fe93ab57610dd705c1ca07a3daf7fb52eba1f651e47979fbc8494ca159cfe8712
-  data.tar.gz: 7922ea24bdfff89d21e3f615e8decc4b88c6f672512f5fb04405061c09a178bbe6ab10addec9cd75969e1cec774441d235715c8b4ab631da7bb42a3bd25d8027
+  metadata.gz: fec8ba8811aa056a367f975f206309cf74148a2bb551f8b37073a5c084a8fdeb86433dcd55862e24fe1199ba0b9ac8f3d166fce74ab7ea61ac5faa0690426baf
+  data.tar.gz: 20f63616bfc1619d503357be6cbabc114bd9a9402fdd7cdf3e0caa5415fb19dd4cf22a56dcdc6aa83c0b323cd77f4da529659e1455e3c277f4d4180d97e290d5

data/.buildkite/pipeline.yml

@@ -1,3 +1,6 @@
 steps:
   - name: ":rspec:"
-    command: "bundle install --path vendor/bundle --with development test && RACK_ENV=test bundle exec rake db:migrate && bundle exec rspec"
+    commands: 
+        - "bundle install"
+        - "bundle exec rake db:test:prepare"
+        - "bundle exec rspec"

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    osso (0.0.3.5)
+    osso (0.0.3.6)
       activesupport (>= 6.0.3.2)
       graphql
       jwt

data/config/database.yml

@@ -2,13 +2,13 @@ development:
   adapter: postgresql
   encoding: unicode
   pool: 5
-  database: osso
+  database: ossorb-development
   host: ''
   port: 5432
 test:
   adapter: postgresql
   encoding: unicode
   pool: 5
-  database: osso-test
+  database: ossorb-test
   host: ''
   port: 5432

data/db/schema.rb

@@ -1 +1,133 @@
-# frozen_string_literal: true
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# This file is the source Rails uses to define your schema when running `rails
+# db:schema:load`. When creating a new database, `rails db:schema:load` tends to
+# be faster and is potentially less error prone than running all of your
+# migrations from scratch. Old migrations may fail to apply correctly if those
+# migrations use external dependencies or application code.
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema.define(version: 2020_07_15_205801) do
+
+  # These are extensions that must be enabled in order to support this database
+  enable_extension "pgcrypto"
+  enable_extension "plpgsql"
+
+  create_table "access_tokens", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.string "token"
+    t.datetime "expires_at"
+    t.datetime "created_at", precision: 6, null: false
+    t.datetime "updated_at", precision: 6, null: false
+    t.uuid "user_id"
+    t.uuid "oauth_client_id"
+    t.index ["oauth_client_id"], name: "index_access_tokens_on_oauth_client_id"
+    t.index ["user_id"], name: "index_access_tokens_on_user_id"
+  end
+
+  create_table "authorization_codes", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.string "token"
+    t.string "redirect_uri"
+    t.datetime "expires_at"
+    t.datetime "created_at", precision: 6, null: false
+    t.datetime "updated_at", precision: 6, null: false
+    t.uuid "user_id"
+    t.uuid "oauth_client_id"
+    t.index ["oauth_client_id"], name: "index_authorization_codes_on_oauth_client_id"
+    t.index ["token"], name: "index_authorization_codes_on_token", unique: true
+    t.index ["user_id"], name: "index_authorization_codes_on_user_id"
+  end
+
+  create_table "enterprise_accounts", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.string "domain", null: false
+    t.uuid "external_uuid"
+    t.integer "external_int_id"
+    t.string "external_id"
+    t.uuid "oauth_client_id"
+    t.string "name", null: false
+    t.index ["domain"], name: "index_enterprise_accounts_on_domain", unique: true
+    t.index ["oauth_client_id"], name: "index_enterprise_accounts_on_oauth_client_id"
+  end
+
+  create_table "identity_providers", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.string "service"
+    t.string "domain", null: false
+    t.string "sso_url"
+    t.text "sso_cert"
+    t.uuid "enterprise_account_id"
+    t.uuid "oauth_client_id"
+    t.index ["domain"], name: "index_identity_providers_on_domain"
+    t.index ["enterprise_account_id"], name: "index_identity_providers_on_enterprise_account_id"
+    t.index ["oauth_client_id"], name: "index_identity_providers_on_oauth_client_id"
+  end
+
+  create_table "oauth_access_grants", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.uuid "resource_owner_id", null: false
+    t.uuid "application_id", null: false
+    t.string "token", null: false
+    t.integer "expires_in", null: false
+    t.text "redirect_uri", null: false
+    t.datetime "created_at", null: false
+    t.datetime "revoked_at"
+    t.string "scopes", default: "", null: false
+    t.index ["application_id"], name: "index_oauth_access_grants_on_application_id"
+    t.index ["token"], name: "index_oauth_access_grants_on_token", unique: true
+  end
+
+  create_table "oauth_access_tokens", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.uuid "resource_owner_id"
+    t.uuid "application_id"
+    t.string "token", null: false
+    t.string "refresh_token"
+    t.integer "expires_in"
+    t.datetime "revoked_at"
+    t.datetime "created_at", null: false
+    t.string "scopes"
+    t.string "previous_refresh_token", default: "", null: false
+    t.index ["application_id"], name: "index_oauth_access_tokens_on_application_id"
+    t.index ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true
+    t.index ["token"], name: "index_oauth_access_tokens_on_token", unique: true
+  end
+
+  create_table "oauth_applications", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.string "name", null: false
+    t.string "secret", null: false
+    t.text "redirect_uri", null: false
+    t.string "scopes", default: "", null: false
+    t.boolean "confidential", default: true, null: false
+    t.datetime "created_at", precision: 6, null: false
+    t.datetime "updated_at", precision: 6, null: false
+  end
+
+  create_table "oauth_clients", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.string "name", null: false
+    t.string "secret", null: false
+    t.string "identifier", null: false
+    t.index ["identifier"], name: "index_oauth_clients_on_identifier", unique: true
+  end
+
+  create_table "redirect_uris", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.string "uri", null: false
+    t.boolean "primary", default: false, null: false
+    t.uuid "oauth_client_id"
+    t.index ["oauth_client_id"], name: "index_redirect_uris_on_oauth_client_id"
+    t.index ["uri", "primary"], name: "index_redirect_uris_on_uri_and_primary", unique: true
+  end
+
+  create_table "users", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.string "email", null: false
+    t.string "idp_id", null: false
+    t.uuid "identity_provider_id"
+    t.uuid "enterprise_account_id"
+    t.index ["email", "idp_id"], name: "index_users_on_email_and_idp_id", unique: true
+    t.index ["enterprise_account_id"], name: "index_users_on_enterprise_account_id"
+  end
+
+  add_foreign_key "oauth_access_grants", "oauth_applications", column: "application_id"
+  add_foreign_key "oauth_access_grants", "users", column: "resource_owner_id"
+  add_foreign_key "oauth_access_tokens", "oauth_applications", column: "application_id"
+  add_foreign_key "oauth_access_tokens", "users", column: "resource_owner_id"
+  add_foreign_key "users", "identity_providers"
+end

data/lib/osso/db/migrate/20200328143305_create_identity_providers.rb

@@ -0,0 +1,12 @@
+class CreateIdentityProviders < ActiveRecord::Migration[6.0]
+  def change
+    create_table :identity_providers, id: :uuid do |t|
+      t.string  :service
+      t.string  :domain, null: false
+      t.string :idp_sso_target_url
+      t.text :idp_cert
+    end
+
+    add_index :identity_providers, :domain
+  end
+end

data/lib/osso/db/migrate/20200411184535_add_provider_id_to_users.rb

@@ -1,7 +1,7 @@
 class AddProviderIdToUsers < ActiveRecord::Migration[6.0]
   def change
-    add_column :users, :saml_provider_id, :uuid
+    add_column :users, :identity_provider_id, :uuid
 
-    add_foreign_key :users, :saml_providers
+    add_foreign_key :users, :identity_providers
   end
 end

data/lib/osso/db/migrate/20200411192645_create_enterprise_accounts.rb

@@ -9,7 +9,7 @@ class CreateEnterpriseAccounts < ActiveRecord::Migration[6.0]
 
     add_index :enterprise_accounts, :domain, unique: true
 
-    add_reference :saml_providers, :enterprise_account, type: :uuid, index: true    
+    add_reference :identity_providers, :enterprise_account, type: :uuid, index: true    
     add_reference :users, :enterprise_account, type: :uuid, index: true
   end
 end

data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_accounts_and_identity_providers.rb

@@ -0,0 +1,6 @@
+class AddOauthClientIdToEnterpriseAccountsAndIdentityProviders < ActiveRecord::Migration[6.0]
+  def change
+    add_reference :enterprise_accounts, :oauth_client, type: :uuid, index: true
+    add_reference :identity_providers, :oauth_client, type: :uuid, index: true
+  end
+end

data/lib/osso/db/migrate/20200714223226_add_identity_provider_service_enum.rb

@@ -0,0 +1,17 @@
+class AddIdentityProviderServiceEnum < ActiveRecord::Migration[6.0]
+  def change
+    def up
+      execute <<-SQL
+        CREATE TYPE identity_provider_service AS ENUM ('OKTA', 'AZURE');
+      SQL
+      chnage_column :identity_providers, :service, :identity_provider_service
+    end
+  
+    def down
+      chnage_column :identity_providers, :service, :text
+      execute <<-SQL
+        DROP TYPE identity_provider_service;
+      SQL
+    end
+  end
+end

data/lib/osso/db/migrate/20200715154211_rename_idp_fields_on_identity_provider_to_sso.rb

@@ -0,0 +1,6 @@
+class RenameIdpFieldsOnIdentityProviderToSso < ActiveRecord::Migration[6.0]
+  def change
+    rename_column :identity_providers, :idp_cert, :sso_cert
+    rename_column :identity_providers, :idp_sso_target_url, :sso_url
+  end
+end

data/lib/osso/db/migrate/20200715205801_add_name_to_enterprise_account.rb

@@ -0,0 +1,5 @@
+class AddNameToEnterpriseAccount < ActiveRecord::Migration[6.0]
+  def change
+    add_column :enterprise_accounts, :name, :string, null: false
+  end
+end

data/lib/osso/graphql/mutation.rb

@@ -8,7 +8,8 @@ module Osso
       class MutationType < BaseObject
         field :configure_identity_provider, mutation: Mutations::ConfigureIdentityProvider
         field :create_identity_provider, mutation: Mutations::CreateIdentityProvider
-        field :set_saml_provider, mutation: Mutations::SetSamlProvider
+        field :create_enterprise_account, mutation: Mutations::CreateEnterpriseAccount
+        field :set_identity_provider, mutation: Mutations::SetSamlProvider
       end
     end
   end

data/lib/osso/graphql/mutations.rb

@@ -8,4 +8,5 @@ end
 require_relative 'mutations/base_mutation'
 require_relative 'mutations/configure_identity_provider'
 require_relative 'mutations/create_identity_provider'
-require_relative 'mutations/set_saml_provider'
+require_relative 'mutations/create_enterprise_account'
+require_relative 'mutations/set_identity_provider'

data/lib/osso/graphql/mutations/base_mutation.rb

@@ -4,20 +4,31 @@ module Osso
   module GraphQL
     module Mutations
       class BaseMutation < ::GraphQL::Schema::RelayClassicMutation
-        # This is used for generating payload types
         object_class Types::BaseObject
-        # # This is used for return fields on the mutation's payload
-        # field_class Types::BaseField
-        # # This is used for generating the `input: { ... }` object type
-        # input_object_class Types::BaseInputObject
+        input_object_class Types::BaseInputObject
 
-        def return_data(data)
+        def response_data(data)
           data.merge(errors: [])
         end
 
-        def return_error(error)
+        def response_error(error)
           error.merge(data: nil)
         end
+
+        def ready?(enterprise_account_id: nil, domain: nil, **args)
+          return true if context[:scope] == :admin
+
+          domain ||= account_domain(enterprise_account_id)
+          return true if domain == context[:scope]
+
+          raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{args[:domain]}"
+        end
+
+        def account_domain(id)
+          return false unless id
+
+          Osso::Models::EnterpriseAccount.find(id)&.domain
+        end
       end
     end
   end

data/lib/osso/graphql/mutations/configure_identity_provider.rb

@@ -6,23 +6,20 @@ module Osso
       class ConfigureIdentityProvider < BaseMutation
         null false
         argument :id, ID, required: true
-        argument :service, Types::IdentityProviderService, required: true
-        argument :sso_url, String, required: true
-        argument :sso_cert, String, required: true
+        argument :service, Types::IdentityProviderService, required: false
+        argument :sso_url, String, required: false
+        argument :sso_cert, String, required: false
 
-        field :identity_provider, Types::IdentityProvider, null: true
+        field :identity_provider, Types::IdentityProvider, null: false
         field :errors, [String], null: false
 
-        def resolve(id:, sso_url:, sso_cert:, service:)
-          provider = Osso::Models::SamlProvider.find(id)
-          provider.update(
-            idp_cert: sso_cert,
-            idp_sso_target_url: sso_url,
-          )
+        def resolve(id:, **args)
+          provider = Osso::Models::IdentityProvider.find(id)
 
-          return_data(identity_provider: provider)
-          # rescue StandardError => e
-          #   return_error(errors: e.full_message)
+          return unauthorized unless authorized?
+          return response_data(identity_provider: provider) if provider.update(args)
+
+          response_error(errors: provder.errors.messages)
         end
       end
     end

data/lib/osso/graphql/mutations/create_enterprise_account.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Mutations
+      class CreateEnterpriseAccount < BaseMutation
+        null false
+
+        argument :domain, String, required: true
+        argument :name, String, required: true
+
+        field :enterprise_account, Types::EnterpriseAccount, null: false
+        field :errors, [String], null: false
+
+        def resolve(**args)
+          enterprise_account = Osso::Models::EnterpriseAccount.new(args)
+
+          return response_data(enterprise_account: enterprise_account) if enterprise_account.save
+
+          response_error(errors: enterprise_account.errors.full_messages)
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/mutations/create_identity_provider.rb

@@ -5,22 +5,24 @@ module Osso
     module Mutations
       class CreateIdentityProvider < BaseMutation
         null false
+
         argument :enterprise_account_id, ID, required: true
-        argument :provider_service, Types::IdentityProviderService, required: true
+        argument :service, Types::IdentityProviderService, required: false
 
         field :identity_provider, Types::IdentityProvider, null: false
         field :errors, [String], null: false
 
-        def resolve(enterprise_account_id:, provider_service:)
+        def resolve(enterprise_account_id:, service: nil)
           enterprise_account = Osso::Models::EnterpriseAccount.find(enterprise_account_id)
-          identity_provider = enterprise_account.saml_providers.create!(
-            provider: provider_service || 'OKTA',
+          identity_provider = enterprise_account.identity_providers.build(
+            enterprise_account_id: enterprise_account_id,
+            service: service,
             domain: enterprise_account.domain,
           )
 
-          return_data(identity_provider: identity_provider)
-        rescue StandardError => e
-          return_error(errors: e.full_message)
+          return response_data(identity_provider: identity_provider) if identity_provider.save
+
+          response_error(errors: identity_provider.errors.full_messages)
         end
       end
     end

data/lib/osso/graphql/mutations/{set_saml_provider.rb → set_identity_provider.rb}

@@ -13,11 +13,11 @@ module Osso
         field :errors, [String], null: false
 
         def resolve(provider:, id:)
-          saml_provider = Osso::Models::SamlProvider.find(id)
-          saml_provider.provider = provider
-          saml_provider.save!
+          identity_provider = Osso::Models::IdentityProvider.find(id)
+          identity_provider.service = provider
+          identity_provider.save!
           {
-            saml_provider: saml_provider,
+            identity_provider: identity_provider,
             errors: [],
           }
         end

data/lib/osso/graphql/query.rb

@@ -7,7 +7,7 @@ module Osso
         field :enterprise_accounts, null: true, resolver: Resolvers::EnterpriseAccounts
         field :oauth_clients, null: true, resolver: Resolvers::OAuthClients
 
-        field :enterprise_account, null: false, resolver: Resolvers::EnterpriseAccount do
+        field :enterprise_account, null: true, resolver: Resolvers::EnterpriseAccount do
           argument :domain, String, required: true
         end
 
@@ -15,7 +15,7 @@ module Osso
           :identity_provider,
           Types::IdentityProvider,
           null: true,
-          resolve: ->(_obj, args, _context) { Osso::Models::SamlProvider.find(args[:id]) },
+          resolve: ->(_obj, args, _context) { Osso::Models::IdentityProvider.find(args[:id]) },
         ) do
           argument :id, ID, required: true
         end

data/lib/osso/graphql/resolvers/oauth_clients.rb

@@ -7,7 +7,7 @@ module Osso
         type [Types::OAuthClient], null: true
 
         def resolve
-          return Osso::Models::OAuthClient.all if context[:scope] == :admin
+          return Osso::Models::OauthClient.all if context[:scope] == :admin
         end
       end
     end