powerhome-scimitar 1.0.0

data/spec/controllers/scimitar/application_controller_spec.rb

@@ -0,0 +1,296 @@
+require 'spec_helper'
+
+RSpec.describe Scimitar::ApplicationController do
+  context 'basic authentication' do
+    before do
+      Scimitar.engine_configuration = Scimitar::EngineConfiguration.new(
+        basic_authenticator: Proc.new do | username, password |
+          username == 'A' && password == 'B'
+        end
+      )
+    end
+
+    controller do
+      rescue_from StandardError, with: :handle_resource_not_found
+
+      def index
+        render json: { 'message' => 'cool, cool!' }, format: :scim
+      end
+    end
+
+    it 'renders success when valid creds are given' do
+      request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials('A', 'B')
+
+      get :index, params: { format: :scim }
+      expect(response).to be_ok
+      expect(JSON.parse(response.body)).to eql({ 'message' => 'cool, cool!' })
+      expect(response.headers['WWW-Authenticate']).to eql('Basic')
+    end
+
+    it 'renders failure with bad password' do
+      request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials('A', 'C')
+
+      get :index, params: { format: :scim }
+      expect(response).not_to be_ok
+    end
+
+    it 'renders failure with bad user name' do
+      request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials('C', 'B')
+
+      get :index, params: { format: :scim }
+      expect(response).not_to be_ok
+    end
+
+    it 'renders failure with bad user name and password' do
+      request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials('C', 'D')
+
+      get :index, params: { format: :scim }
+      expect(response).not_to be_ok
+    end
+
+    it 'renders failure with blank password' do
+      request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials('A', '')
+
+      get :index, params: { format: :scim }
+      expect(response).not_to be_ok
+    end
+
+    it 'renders failure with missing header' do
+      get :index, params: { format: :scim }
+      expect(response).not_to be_ok
+    end
+  end
+
+  context 'token authentication' do
+    before do
+      Scimitar.engine_configuration = Scimitar::EngineConfiguration.new(
+        token_authenticator: Proc.new do | token, options |
+          token == 'A'
+        end
+      )
+    end
+
+    controller do
+      rescue_from StandardError, with: :handle_resource_not_found
+
+      def index
+        render json: { 'message' => 'cool, cool!' }, format: :scim
+      end
+    end
+
+    it 'renders success when valid creds are given' do
+      request.env['HTTP_AUTHORIZATION'] = 'Bearer A'
+
+      get :index, params: { format: :scim }
+      expect(response).to be_ok
+      expect(JSON.parse(response.body)).to eql({ 'message' => 'cool, cool!' })
+      expect(response.headers['WWW-Authenticate']).to eql('Bearer')
+    end
+
+    it 'renders failure with bad token' do
+      request.env['HTTP_AUTHORIZATION'] = 'Bearer Invalid'
+
+      get :index, params: { format: :scim }
+      expect(response).not_to be_ok
+    end
+
+    it 'renders failure with blank token' do
+      request.env['HTTP_AUTHORIZATION'] = 'Bearer'
+
+      get :index, params: { format: :scim }
+      expect(response).not_to be_ok
+    end
+
+    it 'renders failure with missing header' do
+      get :index, params: { format: :scim }
+      expect(response).not_to be_ok
+    end
+  end
+
+  context 'authenticator evaluated within controller context' do
+
+    # Define a controller with a custom instance method 'valid_token'.
+    #
+    controller do
+      def index
+        render json: { 'message' => 'cool, cool!' }, format: :scim
+      end
+
+      def valid_token
+        'B'
+      end
+    end
+
+    # Call the above controller method from the token authenticator Proc,
+    # proving that it was executed in the controller's context.
+    #
+    before do
+      Scimitar.engine_configuration = Scimitar::EngineConfiguration.new(
+        token_authenticator: Proc.new do | token, options |
+          token == self.valid_token()
+        end
+      )
+    end
+
+    it 'renders success when valid creds are given' do
+      request.env['HTTP_AUTHORIZATION'] = 'Bearer B'
+
+      get :index, params: { format: :scim }
+      expect(response).to be_ok
+      expect(JSON.parse(response.body)).to eql({ 'message' => 'cool, cool!' })
+      expect(response.headers['WWW-Authenticate']).to eql('Bearer')
+    end
+
+    it 'renders failure with bad token' do
+      request.env['HTTP_AUTHORIZATION'] = 'Bearer Invalid'
+
+      get :index, params: { format: :scim }
+      expect(response).not_to be_ok
+    end
+
+    it 'renders failure with blank token' do
+      request.env['HTTP_AUTHORIZATION'] = 'Bearer'
+
+      get :index, params: { format: :scim }
+      expect(response).not_to be_ok
+    end
+
+    it 'renders failure with missing header' do
+      get :index, params: { format: :scim }
+      expect(response).not_to be_ok
+    end
+  end
+
+  context 'authenticated' do
+    controller do
+      rescue_from StandardError, with: :handle_resource_not_found
+
+      def index
+        render json: { 'message' => 'cool, cool!' }, format: :scim
+      end
+
+      def authenticated?
+        true
+      end
+    end
+
+    context 'authenticate' do
+      it 'renders index if authenticated' do
+        get :index, params: { format: :scim }
+        expect(response).to be_ok
+        expect(JSON.parse(response.body)).to eql({ 'message' => 'cool, cool!' })
+      end
+
+      it 'renders not authorized response if not authenticated' do
+        allow(controller()).to receive(:authenticated?) { false }
+        get :index, params: { format: :scim }
+        expect(response).to have_http_status(:unauthorized)
+        parsed_body = JSON.parse(response.body)
+        expect(parsed_body).to include('schemas' => ['urn:ietf:params:scim:api:messages:2.0:Error'])
+        expect(parsed_body).to include('detail' => 'Requires authentication')
+        expect(parsed_body).to include('status' => '401')
+      end
+
+      it 'renders resource not found response when resource cannot be found for the given id' do
+        allow(controller()).to receive(:index).and_raise(StandardError)
+        get :index, params: { id: 10, format: :scim }
+        expect(response).to have_http_status(:not_found)
+        parsed_body = JSON.parse(response.body)
+        expect(parsed_body).to include('schemas' => ['urn:ietf:params:scim:api:messages:2.0:Error'])
+        expect(parsed_body).to include('detail' => 'Resource "10" not found')
+        expect(parsed_body).to include('status' => '404')
+      end
+    end
+  end
+
+  context 'error handling' do
+    controller do
+      def index
+        raise 'Bang'
+      end
+
+      def authenticated?
+        true
+      end
+    end
+
+    it 'handles general exceptions automatically' do
+      get :index, params: { format: :scim }
+
+      expect(response).to have_http_status(:internal_server_error)
+      parsed_body = JSON.parse(response.body)
+      expect(parsed_body).to include('schemas' => ['urn:ietf:params:scim:api:messages:2.0:Error'])
+      expect(parsed_body).to include('status' => '500')
+      expect(parsed_body).to include('detail' => 'Bang')
+    end
+
+    context 'with an exception reporter' do
+      around :each do | example |
+        original_configuration = Scimitar.engine_configuration.exception_reporter
+        Scimitar.engine_configuration.exception_reporter = Proc.new do | exception |
+          @exception = exception
+        end
+        example.run()
+      ensure
+        Scimitar.engine_configuration.exception_reporter = original_configuration
+      end
+
+      context 'and "internal server error"' do
+        it 'is invoked' do
+          get :index, params: { format: :scim }
+
+          expect(@exception).to be_a(RuntimeError)
+          expect(@exception.message).to eql('Bang')
+        end
+      end
+
+      context 'and "not found"' do
+        controller do
+          def index
+            handle_resource_not_found(ActiveRecord::RecordNotFound.new(42))
+          end
+        end
+
+        it 'is invoked' do
+          get :index, params: { format: :scim }
+
+          expect(@exception).to be_a(ActiveRecord::RecordNotFound)
+          expect(@exception.message).to eql('42')
+        end
+      end
+
+      context 'and bad JSON' do
+        controller do
+          def index
+            begin
+              raise 'Hello'
+            rescue
+              raise ActionDispatch::Http::Parameters::ParseError
+            end
+          end
+        end
+
+        it 'is invoked' do
+          get :index, params: { format: :scim }
+
+          expect(@exception).to be_a(ActionDispatch::Http::Parameters::ParseError)
+          expect(@exception.message).to eql('Hello')
+        end
+      end
+
+      context 'and a bad content type' do
+        controller do
+          def index; end
+        end
+
+        it 'is invoked' do
+          request.headers['Content-Type'] = 'text/plain'
+          get :index
+
+          expect(@exception).to be_a(Scimitar::ErrorResponse)
+          expect(@exception.message).to eql('Only application/scim+json type is accepted.')
+        end
+      end
+    end # "context 'exception reporter' do"
+  end # "context 'error handling' do"
+end

data/spec/controllers/scimitar/resource_types_controller_spec.rb

@@ -0,0 +1,94 @@
+require 'spec_helper'
+
+RSpec.describe Scimitar::ResourceTypesController do
+  routes { Scimitar::Engine.routes }
+
+  before(:each) { allow(controller).to receive(:authenticated?).and_return(true) }
+
+  context 'GET index' do
+    it 'renders the resource type for user' do
+      get :index, format: :scim
+      response_hash = JSON.parse(response.body)
+      expected_response = [ Scimitar::Resources::User.resource_type(scim_resource_type_url(name: 'User', test: 1)),
+                            Scimitar::Resources::Group.resource_type(scim_resource_type_url(name: 'Group', test: 1))
+      ].to_json
+
+      response_hash = JSON.parse(response.body)
+      expect(response_hash).to eql(JSON.parse(expected_response))
+    end
+
+    context 'with custom resource types' do
+      around :each do | example |
+        example.run()
+      ensure
+        Scimitar::Engine.reset_custom_resources
+      end
+
+      it 'renders them' do
+        custom_resource = Class.new(Scimitar::Resources::Base) do
+          set_schema Scimitar::Schema::User
+
+          def self.endpoint
+            "/Gaga"
+          end
+
+          def self.resource_type_id
+            'Gaga'
+          end
+        end
+
+        Scimitar::Engine.add_custom_resource(custom_resource)
+
+        get :index, params: { format: :scim }
+        response_hash = JSON.parse(response.body)
+        expect(response_hash.size).to eql(3)
+      end
+    end
+  end
+
+  context 'GET show' do
+    it 'renders the resource type for user' do
+      get :show, params: { name: 'User', format: :scim }
+      response_hash = JSON.parse(response.body)
+      expected_response = Scimitar::Resources::User.resource_type(scim_resource_type_url(name: 'User')).to_json
+      expect(response_hash).to eql(JSON.parse(expected_response))
+    end
+
+    it 'renders the resource type for group' do
+      get :show, params: { name: 'Group', format: :scim }
+      response_hash = JSON.parse(response.body)
+      expected_response = Scimitar::Resources::Group.resource_type(scim_resource_type_url(name: 'Group')).to_json
+      expect(response_hash).to eql(JSON.parse(expected_response))
+    end
+
+    it 'renders custom resource type' do
+      custom_resource = Class.new(Scimitar::Resources::Base) do
+        set_schema Scimitar::Schema::User
+
+        def self.endpoint
+          "/Gaga"
+        end
+
+        def self.resource_type_id
+          'Gaga'
+        end
+      end
+
+      allow(Scimitar::Engine).to receive(:custom_resources) {[ custom_resource ]}
+
+      get :show, params: { name: 'Gaga', format: :scim }
+      response_hash = JSON.parse(response.body)
+      expected_response = custom_resource.resource_type(scim_resource_type_url(name: 'Gaga')).to_json
+      expect(response_hash).to eql(JSON.parse(expected_response))
+    end
+
+    it 'renders 404 if not recognised' do
+      get :show, params: { name: 'Foo', format: :scim }
+      expect(response).to have_http_status(:not_found)
+      response_hash = JSON.parse(response.body)
+      expect(response_hash['schemas']).to eql(['urn:ietf:params:scim:api:messages:2.0:Error'])
+      expect(response_hash['status' ]).to eql('404')
+      expect(response_hash['detail' ]).to eql('Resource "Foo" not found')
+    end
+  end
+end

data/spec/controllers/scimitar/resources_controller_spec.rb

@@ -0,0 +1,247 @@
+require 'spec_helper'
+
+RSpec.describe Scimitar::ResourcesController do
+  class FakeGroup
+    include ActiveModel::Model
+
+    attr_accessor :scim_id
+    attr_accessor :display_name
+    attr_accessor :member_names
+
+    def self.scim_resource_type
+      return Scimitar::Resources::Group
+    end
+
+    def self.scim_attributes_map
+      return {
+        id:          :id,
+        externalId:  :scim_id,
+        displayName: :display_name,
+        members:     :member_names
+      }
+    end
+
+    def self.scim_mutable_attributes
+      return nil
+    end
+
+    def self.scim_queryable_attributes
+      return { displayName: display_name }
+    end
+
+    include Scimitar::Resources::Mixin
+  end
+
+  let(:parsed_response) { JSON.parse(response.body, symbolize_names: true) }
+
+  before(:each) do
+    allow(controller()).to receive(:authenticated?).and_return(true)
+    allow(FakeGroup   ).to receive(:all).and_return(double('ActiveRecord::Relation', where: []))
+  end
+
+  controller do
+    def index
+      super(FakeGroup.all) do | fake_group |
+        fake_group
+      end
+    end
+
+    def show
+      super do |id|
+        Scimitar::Resources::Group.new(id: id)
+      end
+    end
+
+    def create
+      super do |resource|
+        resource
+      end
+    end
+
+    def replace
+      super do |record_id, resource|
+        resource
+      end
+    end
+
+    # PATCH is more easily (and comprehensively) tested via
+    # spec/requests/active_record_backed_resources_controller_spec.rb.
+    #
+    def update # PATCH
+      raise NotImplementedError
+    end
+
+    def destroy
+      super do |id|
+        successful_delete?
+      end
+    end
+
+    def successful_delete? # Just a test hook
+      true
+    end
+
+    protected
+
+      def storage_class
+        FakeGroup
+      end
+  end
+
+  context 'GET show' do
+    it 'renders the resource' do
+      get :show, params: { id: '10', format: :scim }
+      expect(response.status).to eql(200)
+      expect(parsed_response()).to include(id: '10')
+    end
+  end
+
+  context 'POST create' do
+    it 'returns error if body is missing' do
+      post :create, params: { format: :scim }
+      expect(response.status).to eql(400)
+      expect(parsed_response()[:detail]).to eql('must provide a request body')
+    end
+
+    it 'works if the request is valid' do
+      post :create, params: { displayName: 'Sauron biz', format: :scim }
+      expect(response).to have_http_status(:created)
+      expect(parsed_response()[:displayName]).to eql('Sauron biz')
+    end
+
+    it 'renders error if resource object cannot be built from the params' do
+      @routes.draw do
+        put 'scimitar/resources/:id', action: 'replace', controller: 'scimitar/resources'
+      end
+      put :replace, params: { id: 'group-id', name: {email: 'a@b.com'}, format: :scim }
+
+      expect(response.status).to eql(400)
+      expect(parsed_response()[:detail]).to match(/^Invalid/)
+    end
+
+    it 'renders application side error' do
+      expect_any_instance_of(Scimitar::Resources::Group).to receive(:to_json).and_raise(Scimitar::ErrorResponse.new(status: 400, detail: 'gaga'))
+
+      @routes.draw do
+        put 'scimitar/resources/:id', action: 'replace', controller: 'scimitar/resources'
+      end
+      put :replace, params: { id: 'group-id', displayName: 'invalid name', format: :scim }
+
+      expect(response.status).to eql(400)
+      expect(parsed_response()[:detail]).to eql('gaga')
+    end
+
+    it 'renders externalId if provided' do
+      post :create, params: { externalId: 'some-id', displayName: 'sauron', format: :scim }
+
+      expect(response).to have_http_status(:created)
+
+      expect(parsed_response()[:displayName]).to eql('sauron')
+      expect(parsed_response()[:externalId]).to eql('some-id')
+    end
+
+    it 'maps internal NoMethodError failures to "Invalid request"' do
+      expect(controller()).to receive(:validate_request) { raise NoMethodError.new }
+
+      post :create, params: { externalId: 'some-id', displayName: 'sauron', format: :scim }
+
+      expect(response.status).to eql(400)
+      expect(parsed_response()[:detail]).to eql('Invalid request')
+    end
+  end
+
+  context 'PUT update' do
+    it 'returns error if body is missing' do
+      @routes.draw do
+        put 'scimitar/resources/:id', action: 'replace', controller: 'scimitar/resources'
+      end
+      put :replace, params: { id: 'group-id', format: :scim }
+
+      expect(response.status).to eql(400)
+      expect(parsed_response()[:detail]).to eql('must provide a request body')
+    end
+
+    it 'works if the request is valid' do
+      @routes.draw do
+        put 'scimitar/resources/:id', action: 'replace', controller: 'scimitar/resources'
+      end
+      put :replace, params: { id: 'group-id', displayName: 'sauron', format: :scim }
+
+      expect(response.status).to eql(200)
+      expect(parsed_response()[:displayName]).to eql('sauron')
+    end
+
+    it 'renders error if resource object cannot be built from the params' do
+      @routes.draw do
+        put 'scimitar/resources/:id', action: 'replace', controller: 'scimitar/resources'
+      end
+      put :replace, params: { id: 'group-id', name: {email: 'a@b.com'}, format: :scim }
+
+      expect(response.status).to eql(400)
+      expect(parsed_response()[:detail]).to match(/^Invalid/)
+    end
+
+    it 'renders application side error' do
+      allow_any_instance_of(Scimitar::Resources::Group).to receive(:to_json).and_raise(Scimitar::ErrorResponse.new(status: 400, detail: 'gaga'))
+
+      @routes.draw do
+        put 'scimitar/resources/:id', action: 'replace', controller: 'scimitar/resources'
+      end
+      put :replace, params: { id: 'group-id', displayName: 'invalid name', format: :scim }
+
+      expect(response.status).to eql(400)
+      expect(parsed_response()[:detail]).to eql('gaga')
+    end
+
+  end
+
+  context 'DELETE destroy' do
+    it 'returns an empty response with no content status if deletion is successful' do
+      delete :destroy, params: { id: 'group-id', format: :scim }
+      expect(response).to have_http_status(:no_content)
+      expect(response.body).to be_empty
+    end
+
+    it 'renders error if deletion fails' do
+      allow(controller()).to receive(:successful_delete?).and_return(false)
+      delete :destroy, params: { id: 'group-id', format: :scim }
+      expect(response).to have_http_status(:internal_server_error)
+      expect(parsed_response()[:detail]).to eql("Failed to delete the resource with id 'group-id'. Please try again later.")
+    end
+  end
+
+  context 'service methods' do
+    context '#scim_pagination_info' do
+      it 'applies defaults' do
+        result = controller().send(:scim_pagination_info)
+
+        expect(result.limit).to eql(Scimitar.service_provider_configuration(location: nil).filter.maxResults)
+        expect(result.offset).to eql(0)
+        expect(result.start_index).to eql(1)
+        expect(result.total).to be_nil
+      end
+
+      it 'reads parameters' do
+        allow(controller()).to receive(:params).and_return({count: '10', startIndex: '5'})
+
+        result = controller().send(:scim_pagination_info)
+
+        expect(result.limit).to eql(10)
+        expect(result.offset).to eql(4)
+        expect(result.start_index).to eql(5)
+      end
+
+      it 'accepts an up-front total' do
+        result = controller().send(:scim_pagination_info, 150)
+
+        expect(result.total).to eql(150)
+      end
+    end # "context '#scim_pagination_info' do"
+
+    context '#storage_class' do
+      it 'raises "not implemented" to warn subclass authors' do
+        expect { described_class.new.send(:storage_class) }.to raise_error(NotImplementedError)
+      end
+    end # "context '#storage_class' do"
+  end # "context 'service methods' do"
+end