Merge pull request #746 from code0-tech/648-missing-identities-provider-in-graphql-schema

Taucher2003 · web-flow · commit fe73ec0c466e · 2025-12-04T20:46:18.000+01:00
Add missing identity providers validations and types
diff --git a/app/graphql/types/application_settings_type.rb b/app/graphql/types/application_settings_type.rb
@@ -16,5 +16,9 @@ class ApplicationSettingsType < Types::BaseObject
     field :admin_status_visible, Boolean,
           null: false,
           description: 'Shows if admin status can be queried by non-administrators'
+
+    field :identity_providers, Types::IdentityProviderType.connection_type,
+          null: false,
+          description: 'List of configured identity providers'
   end
 end
diff --git a/app/graphql/types/identity_provider_config_type.rb b/app/graphql/types/identity_provider_config_type.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Types
+  class IdentityProviderConfigType < Types::BaseUnion
+    description 'Represents the configuration of an identity provider.'
+
+    possible_types Types::OidcIdentityProviderConfigType, Types::SamlIdentityProviderConfigType
+
+    def self.resolve_type(object, _context)
+      case object[:type]
+      when :saml
+        Types::SamlIdentityProviderConfigType
+      else
+        Types::OidcIdentityProviderConfigType
+      end
+    end
+  end
+end
diff --git a/app/graphql/types/identity_provider_type.rb b/app/graphql/types/identity_provider_type.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Types
+  class IdentityProviderType < Types::BaseObject
+    description 'Represents an identity provider configuration.'
+
+    field :id, String, null: false, description: 'Unique identifier of the identity provider.'
+    field :type, Types::IdentityProviderTypeEnum, null: false, description: 'Type of the identity provider.'
+
+    field :config, Types::IdentityProviderConfigType, null: false,
+                                                      description: 'Configuration details of the identity provider.'
+
+    def config
+      object.config.merge(type: object.type)
+    end
+  end
+end
diff --git a/app/graphql/types/identity_provider_type_enum.rb b/app/graphql/types/identity_provider_type_enum.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Types
+  class IdentityProviderTypeEnum < Types::BaseEnum
+    description 'The available identity provider types.'
+
+    Code0::Identities::Provider.constants.each do |provider_class|
+      next if provider_class == :BaseOauth
+
+      provider_type = provider_class.to_s.downcase
+      value provider_type.upcase, "Identity provider of type #{provider_type}", value: provider_type.to_sym
+    end
+  end
+end
diff --git a/app/graphql/types/input/identity_provider_config_input_type.rb b/app/graphql/types/input/identity_provider_config_input_type.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module Types
+  module Input
+    class IdentityProviderConfigInputType < Types::BaseInputObject
+      description 'Input for identity provider configuration. Contains fields for both OIDC and SAML.'
+
+      # OIDC fields
+      argument :authorization_url, String, required: false,
+                                           description: 'The authorization URL for the OIDC identity provider'
+      argument :client_id, String, required: false, description: 'The client ID for the OIDC identity provider'
+      argument :client_secret, String, required: false, description: 'The client secret for the OIDC identity provider'
+      argument :redirect_uri, String, required: false, description: 'The redirect URI for the OIDC identity provider'
+      argument :user_details_url, String, required: false,
+                                          description: 'The user details URL for the OIDC identity provider'
+
+      # Common
+      argument :attribute_statements, GraphQL::Types::JSON,
+               required: false,
+               description: 'List of attribute statements for the identity provider'
+      argument :provider_name, String,
+               required: false,
+               description: 'The name of the identity provider'
+
+      # SAML-specific fields
+      argument :metadata_url, String, required: false,
+                                      description: 'Optional metadata URL to fetch metadata (alternative to settings)'
+      argument :response_settings, GraphQL::Types::JSON,
+               required: false,
+               description: 'The SAML response settings for the identity provider'
+      argument :settings, GraphQL::Types::JSON, required: false,
+                                                description: 'The SAML settings for the identity provider'
+    end
+  end
+end
diff --git a/app/graphql/types/input/identity_provider_input_type.rb b/app/graphql/types/input/identity_provider_input_type.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Types
+  module Input
+    class IdentityProviderInputType < Types::BaseInputObject
+      description 'Input for creating or updating an identity provider'
+
+      argument :config, Types::Input::IdentityProviderConfigInputType,
+               required: true,
+               description: 'Configuration for the identity provider'
+      argument :id, String, required: true, description: 'Unique identifier of the identity provider'
+      argument :type, Types::IdentityProviderTypeEnum, required: true, description: 'Type of the identity provider'
+    end
+  end
+end
diff --git a/app/graphql/types/oidc_identity_provider_config_type.rb b/app/graphql/types/oidc_identity_provider_config_type.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module Types
+  class OidcIdentityProviderConfigType < Types::BaseObject
+    description 'Represents an OIDC identity provider configuration'
+
+    markdown_documentation <<~MARKDOWN
+      For more information see: https://github.com/code0-tech/code0-identities/blob/#{Code0::Identities::VERSION}/README.md#oauth-based
+    MARKDOWN
+
+    # rubocop:disable Graphql/ExtractType
+    field :client_id, String,
+          null: false,
+          description: 'The client ID for the OIDC identity provider'
+
+    field :client_secret, String,
+          null: false,
+          description: 'The client secret for the OIDC identity provider'
+    # rubocop:enable Graphql/ExtractType
+
+    field :redirect_uri, String,
+          null: false,
+          description: 'The redirect URI for the OIDC identity provider'
+
+    field :provider_name, String,
+          null: false,
+          description: 'The name of the OIDC identity provider'
+
+    field :user_details_url, String,
+          null: false,
+          description: 'The user details URL for the OIDC identity provider'
+
+    field :authorization_url, String,
+          null: false,
+          description: 'The authorization URL for the OIDC identity provider'
+
+    field :attribute_statements, GraphQL::Types::JSON,
+          null: false,
+          description: 'List of attribute statements for the OIDC identity provider'
+  end
+end
diff --git a/app/graphql/types/saml_identity_provider_config_type.rb b/app/graphql/types/saml_identity_provider_config_type.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Types
+  class SamlIdentityProviderConfigType < Types::BaseObject
+    description 'Represents the configuration for a SAML identity provider.'
+
+    markdown_documentation <<~MARKDOWN
+      For more information see: https://github.com/code0-tech/code0-identities/blob/#{Code0::Identities::VERSION}/README.md#saml
+    MARKDOWN
+
+    field :provider_name, String,
+          null: false,
+          description: 'The name of the SAML identity provider'
+
+    field :attribute_statements, GraphQL::Types::JSON,
+          null: false,
+          description: 'List of attribute statements for the SAML identity provider'
+
+    field :settings, GraphQL::Types::JSON,
+          null: false,
+          description: 'The SAML settings for the identity provider'
+
+    field :response_settings, GraphQL::Types::JSON,
+          null: false,
+          description: 'The SAML response settings for the identity provider'
+
+    field :metadata_url, String,
+          null: true,
+          description: 'The metadata url to fetch the metadatas (replacement for settings)'
+  end
+end
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
@@ -25,6 +25,8 @@ class ApplicationSetting < ApplicationRecord
                       }
   validate :validate_value
 
+  validate :validate_identity_providers, if: :identity_providers?
+
   BOOLEAN_OPTIONS.each do |option|
     validates :value, inclusion: { in: [false, true] }, if: :"#{option}?"
   end
@@ -33,6 +35,28 @@ def validate_value
     errors.add(:value, :blank) if value.nil?
   end
 
+  def validate_identity_providers
+    value.each do |provider|
+      provider.deep_symbolize_keys!
+      if provider[:id].nil? || provider[:type].nil? || provider[:config].nil?
+        next errors.add(:value, :id_type_or_config_missing)
+      end
+
+      if provider[:type] == 'saml'
+        allowed_keys = %i[provider_name attribute_statements settings response_settings metadata_url]
+        errors.add(:value, :invalid_saml_configuration_keys) unless (provider[:config].keys - allowed_keys).empty?
+      else
+        required_keys = %i[client_id client_secret redirect_uri user_details_url authorization_url]
+        allowed_keys = %i[provider_name attribute_statements] + required_keys
+
+        required_keys -= %i[user_details_url authorization_url] unless provider[:type] == 'oidc'
+
+        errors.add(:value, :invalid_oidc_configuration_keys) unless (provider[:config].keys - allowed_keys).empty?
+        errors.add(:value, :missing_oidc_configuration_keys) unless (required_keys - provider[:config].keys).empty?
+      end
+    end
+  end
+
   def self.assert_settings_present!(records = ApplicationSetting.all)
     missing_settings = SETTINGS.keys - records.map(&:setting)
     return if missing_settings.empty?
diff --git a/docs/graphql/enum/identityprovidertype.md b/docs/graphql/enum/identityprovidertype.md
@@ -0,0 +1,14 @@
+---
+title: IdentityProviderType
+---
+
+The available identity provider types.
+
+| Value | Description |
+|-------|-------------|
+| `DISCORD` | Identity provider of type discord |
+| `GITHUB` | Identity provider of type github |
+| `GOOGLE` | Identity provider of type google |
+| `MICROSOFT` | Identity provider of type microsoft |
+| `OIDC` | Identity provider of type oidc |
+| `SAML` | Identity provider of type saml |
diff --git a/docs/graphql/object/applicationsettings.md b/docs/graphql/object/applicationsettings.md
@@ -9,6 +9,7 @@ Represents the application settings
 | Name | Type | Description |
 |------|------|-------------|
 | `adminStatusVisible` | [`Boolean!`](../scalar/boolean.md) | Shows if admin status can be queried by non-administrators |
+| `identityProviders` | [`IdentityProviderConnection!`](../object/identityproviderconnection.md) | List of configured identity providers |
 | `organizationCreationRestricted` | [`Boolean!`](../scalar/boolean.md) | Shows if organization creation is restricted to administrators |
 | `userRegistrationEnabled` | [`Boolean!`](../scalar/boolean.md) | Shows if user registration is enabled |
 
diff --git a/docs/graphql/object/identityprovider.md b/docs/graphql/object/identityprovider.md
@@ -0,0 +1,14 @@
+---
+title: IdentityProvider
+---
+
+Represents an identity provider configuration.
+
+## Fields without arguments
+
+| Name | Type | Description |
+|------|------|-------------|
+| `config` | [`IdentityProviderConfig!`](../union/identityproviderconfig.md) | Configuration details of the identity provider. |
+| `id` | [`String!`](../scalar/string.md) | Unique identifier of the identity provider. |
+| `type` | [`IdentityProviderType!`](../enum/identityprovidertype.md) | Type of the identity provider. |
+
diff --git a/docs/graphql/object/identityproviderconnection.md b/docs/graphql/object/identityproviderconnection.md
@@ -0,0 +1,15 @@
+---
+title: IdentityProviderConnection
+---
+
+The connection type for IdentityProvider.
+
+## Fields without arguments
+
+| Name | Type | Description |
+|------|------|-------------|
+| `count` | [`Int!`](../scalar/int.md) | Total count of collection. |
+| `edges` | [`[IdentityProviderEdge]`](../object/identityprovideredge.md) | A list of edges. |
+| `nodes` | [`[IdentityProvider]`](../object/identityprovider.md) | A list of nodes. |
+| `pageInfo` | [`PageInfo!`](../object/pageinfo.md) | Information to aid in pagination. |
+
diff --git a/docs/graphql/object/identityprovideredge.md b/docs/graphql/object/identityprovideredge.md
@@ -0,0 +1,13 @@
+---
+title: IdentityProviderEdge
+---
+
+An edge in a connection.
+
+## Fields without arguments
+
+| Name | Type | Description |
+|------|------|-------------|
+| `cursor` | [`String!`](../scalar/string.md) | A cursor for use in pagination. |
+| `node` | [`IdentityProvider`](../object/identityprovider.md) | The item at the end of the edge. |
+
diff --git a/docs/graphql/object/oidcidentityproviderconfig.md b/docs/graphql/object/oidcidentityproviderconfig.md
@@ -0,0 +1,20 @@
+---
+title: OidcIdentityProviderConfig
+---
+
+Represents an OIDC identity provider configuration
+
+For more information see: https://github.com/code0-tech/code0-identities/blob/0.0.2/README.md#oauth-based
+
+## Fields without arguments
+
+| Name | Type | Description |
+|------|------|-------------|
+| `attributeStatements` | [`JSON!`](../scalar/json.md) | List of attribute statements for the OIDC identity provider |
+| `authorizationUrl` | [`String!`](../scalar/string.md) | The authorization URL for the OIDC identity provider |
+| `clientId` | [`String!`](../scalar/string.md) | The client ID for the OIDC identity provider |
+| `clientSecret` | [`String!`](../scalar/string.md) | The client secret for the OIDC identity provider |
+| `providerName` | [`String!`](../scalar/string.md) | The name of the OIDC identity provider |
+| `redirectUri` | [`String!`](../scalar/string.md) | The redirect URI for the OIDC identity provider |
+| `userDetailsUrl` | [`String!`](../scalar/string.md) | The user details URL for the OIDC identity provider |
+
diff --git a/docs/graphql/object/samlidentityproviderconfig.md b/docs/graphql/object/samlidentityproviderconfig.md
@@ -0,0 +1,18 @@
+---
+title: SamlIdentityProviderConfig
+---
+
+Represents the configuration for a SAML identity provider.
+
+For more information see: https://github.com/code0-tech/code0-identities/blob/0.0.2/README.md#saml
+
+## Fields without arguments
+
+| Name | Type | Description |
+|------|------|-------------|
+| `attributeStatements` | [`JSON!`](../scalar/json.md) | List of attribute statements for the SAML identity provider |
+| `metadataUrl` | [`String`](../scalar/string.md) | The metadata url to fetch the metadatas (replacement for settings) |
+| `providerName` | [`String!`](../scalar/string.md) | The name of the SAML identity provider |
+| `responseSettings` | [`JSON!`](../scalar/json.md) | The SAML response settings for the identity provider |
+| `settings` | [`JSON!`](../scalar/json.md) | The SAML settings for the identity provider |
+
diff --git a/docs/graphql/union/identityproviderconfig.md b/docs/graphql/union/identityproviderconfig.md
@@ -0,0 +1,10 @@
+---
+title: IdentityProviderConfig
+---
+
+Represents the configuration of an identity provider.
+
+## Possible types
+
+- [`OidcIdentityProviderConfig`](../object/oidcidentityproviderconfig.md)
+- [`SamlIdentityProviderConfig`](../object/samlidentityproviderconfig.md)
diff --git a/spec/graphql/types/application_settings_type_spec.rb b/spec/graphql/types/application_settings_type_spec.rb
@@ -7,6 +7,7 @@
     %w[
       userRegistrationEnabled
       organizationCreationRestricted
+      identityProviders
       adminStatusVisible
     ]
   end
diff --git a/spec/models/application_setting_spec.rb b/spec/models/application_setting_spec.rb
diff --git a/spec/requests/graphql/mutation/application_settings/update_mutation_spec.rb b/spec/requests/graphql/mutation/application_settings/update_mutation_spec.rb
