powerhome-scimitar 1.0.0

data/app/models/scimitar/resources/user.rb

@@ -0,0 +1,13 @@
+module Scimitar
+  module Resources
+    class User < Base
+
+      set_schema Schema::User
+
+      def self.endpoint
+        '/Users'
+      end
+
+    end
+  end
+end

data/app/models/scimitar/schema/address.rb

@@ -0,0 +1,25 @@
+module Scimitar
+  module Schema
+
+    # Represents the schema for the Address complex type.
+    #
+    # See also Scimitar::ComplexTypes::Address
+    #
+    class Address < Base
+
+      def self.scim_attributes
+        @scim_attributes ||= [
+          Attribute.new(name: 'type',          type: 'string'),
+          Attribute.new(name: 'primary',       type: 'boolean'),
+          Attribute.new(name: 'formatted',     type: 'string'),
+          Attribute.new(name: 'streetAddress', type: 'string'),
+          Attribute.new(name: 'locality',      type: 'string'),
+          Attribute.new(name: 'region',        type: 'string'),
+          Attribute.new(name: 'postalCode',    type: 'string'),
+          Attribute.new(name: 'country',       type: 'string'),
+        ]
+      end
+
+    end
+  end
+end

data/app/models/scimitar/schema/attribute.rb

@@ -0,0 +1,132 @@
+module Scimitar
+  module Schema
+
+    # Represents an attribute of a SCIM resource that is declared in its
+    # schema.
+    #
+    # Attributes can be simple or complex. A complex attribute needs to have
+    # its own schema that is passed to the initialize method when the attribute
+    # is instantiated.
+    #
+    # Examples:
+    #
+    #     Attribute.new(name: 'userName', type: 'string', uniqueness: 'server')
+    #     Attribute.new(name: 'name', complexType: Scimitar::ComplexTypes::Name)
+    #
+    class Attribute
+      include ActiveModel::Model
+      include Scimitar::Errors
+
+      attr_accessor :name,
+                    :type,
+                    :multiValued,
+                    :required,
+                    :caseExact,
+                    :mutability,
+                    :returned,
+                    :uniqueness,
+                    :subAttributes,
+                    :complexType,
+                    :canonicalValues
+
+      # +options+:: Hash of values to be used for instantiating the attribute
+      #             object. Some of the instance variables of the objects will
+      #             have default values if this hash does not contain anything
+      #             for them.
+      #
+      def initialize(options = {})
+        defaults = {
+          multiValued:     false,
+          required:        false,
+          caseExact:       false,
+          mutability:      'readWrite',
+          uniqueness:      'none',
+          returned:        'default',
+          canonicalValues: []
+        }
+
+        if options[:complexType]
+          defaults.merge!(type: 'complex', subAttributes: options[:complexType].schema.scim_attributes)
+        end
+
+        super(defaults.merge(options || {}))
+      end
+
+      # Validates a value against this attribute object. For simple attributes,
+      # it checks if blank is valid or not and if the type matches. For complex
+      # attributes, it delegates it to the valid? method of the complex type
+      # schema.
+      #
+      # If the value is not valid, validation message(s) are added to the
+      # #errors attribute of this object.
+      #
+      # +value+:: Value to check.
+      #
+      # Returns +true+ if value is valid for this attribute, else +false+.
+      #
+      def valid?(value)
+        return valid_blank? if value.blank? && !value.is_a?(FalseClass)
+
+        if type == 'complex'
+          return all_valid?(complexType, value) if multiValued
+          valid_complex_type?(value)
+        else
+          valid_simple_type?(value)
+        end
+      end
+
+      def valid_blank?
+        return true unless self.required
+        errors.add(self.name, 'is required')
+        false
+      end
+
+      def valid_complex_type?(value)
+        if !value.class.respond_to?(:schema) || value.class.schema != complexType.schema
+          errors.add(self.name, 'has to follow the complexType format.')
+          return false
+        end
+        value.class.schema.valid?(value)
+        return true if value.errors.empty?
+        add_errors_from_hash(errors_hash: value.errors.to_hash, prefix: self.name)
+        false
+      end
+
+      def valid_simple_type?(value)
+        if multiValued
+          valid = value.is_a?(Array) && value.all? { |v| simple_type?(v) }
+          errors.add(self.name, "or one of its elements has the wrong type. It has to be an array of #{self.type}s.") unless valid
+        else
+          valid = simple_type?(value)
+          errors.add(self.name, "has the wrong type. It has to be a(n) #{self.type}.") unless valid
+        end
+        valid
+      end
+
+      def simple_type?(value)
+        (type == 'string' && value.is_a?(String)) ||
+        (type == 'boolean' && (value.is_a?(TrueClass) || value.is_a?(FalseClass))) ||
+        (type == 'integer' && (value.is_a?(Integer))) ||
+        (type == 'dateTime' && valid_date_time?(value))
+      end
+
+      def valid_date_time?(value)
+        !!Time.iso8601(value)
+      rescue ArgumentError
+        false
+      end
+
+      def all_valid?(complex_type, value)
+        validations = value.map {|value_in_array| valid_complex_type?(value_in_array)}
+        validations.all?
+      end
+
+      def as_json(options = {})
+        options[:except] ||= ['complexType']
+        options[:except] << 'canonicalValues' if canonicalValues.empty?
+        super.except(options)
+      end
+
+    end
+  end
+end

data/app/models/scimitar/schema/base.rb

@@ -0,0 +1,90 @@
+module Scimitar
+  module Schema
+    # The base class that each schema class must inherit from.
+    # These classes represent the schema of a SCIM resource or a complex type that could be used in a resource.
+    class Base
+      include ActiveModel::Model
+      attr_accessor :id, :name, :description, :scim_attributes, :meta
+
+      def initialize(options = {})
+        super
+        @meta = Meta.new(resourceType: 'Schema')
+      end
+
+      # Converts the schema to its json representation that will be returned by /SCHEMAS end-point of a SCIM service provider.
+      def as_json(options = {})
+        @meta.location ||= Scimitar::Engine.routes.url_helpers.scim_schemas_path(name: id)
+        original = super
+        original.merge('attributes' => original.delete('scim_attributes'))
+      end
+
+      # Validates the resource against specific validations of each attribute,
+      # for example if the type of the attribute matches the one defined in the
+      # schema.
+      #
+      # +resource+:: A resource object that uses this schema.
+      #
+      def self.valid?(resource)
+        cloned_scim_attributes.each do |scim_attribute|
+          unless scim_attribute.valid?(resource.send(scim_attribute.name))
+            resource.add_errors_from_hash(errors_hash: scim_attribute.errors.to_hash)
+          end
+        end
+      end
+
+      def self.cloned_scim_attributes
+        scim_attributes.map { |scim_attribute| scim_attribute.clone }
+      end
+
+      # Find a given attribute this schema, travelling down a path to any
+      # sub-attributes within. Given that callers might be dealing with paths
+      # into actual SCIM data, array indices for multi-value attributes are
+      # allowed (as integers) and simply skipped - only the names are of
+      # interest.
+      #
+      # This is typically used to access attribute properties such as intended
+      # mutability ('readOnly', 'readWrite', 'immutable', 'writeOnly').
+      #
+      # Returns the found Scimitar::Schema::Attribute or "nil".
+      #
+      # *path:: One or more attribute names as Strings, or Integer indices.
+      #
+      # For example, in a User schema, passing "name", "givenName" would find
+      # the "givenName" attribute. Passing "emails", 0, "value" would find the
+      # schema attribute for "value" under "emails", ignoring the array index
+      # (since the schema is identical for each item in an array of values).
+      #
+      # See also Scimitar::Resources::Base::find_attribute
+      #
+      def self.find_attribute(*path)
+        found_attribute    = nil
+        current_attributes = self.scim_attributes()
+
+        until path.empty? do
+          current_path_entry = path.shift()
+          next if current_path_entry.is_a?(Integer) # Skip array indicies arising from multi-value attributes
+
+          current_path_entry = current_path_entry.to_s.downcase
+
+          found_attribute = current_attributes.find do | attribute_to_check |
+            attribute_to_check.name.to_s.downcase == current_path_entry
+          end
+
+          if found_attribute && path.present? # Any sub-attributes to check?...
+            if found_attribute.subAttributes.present? # ...and are any defined?
+              current_attributes = found_attribute.subAttributes
+            else
+              found_attribute = nil
+              break # NOTE EARLY EXIT - tried to find a sub-attribute but there are none
+            end
+          else
+            break # NOTE EARLY EXIT - no found attribute, or found target item at end of path
+          end
+        end # "until path.empty() do"
+
+        return found_attribute
+      end
+
+    end
+  end
+end

data/app/models/scimitar/schema/derived_attributes.rb

@@ -0,0 +1,24 @@
+module Scimitar
+  module Schema
+    module DerivedAttributes
+      extend ActiveSupport::Concern
+
+      class_methods do
+        def set_schema(schema)
+          @schema = schema
+          derive_attributes_from_schema(schema)
+          schema
+        end
+
+        def derive_attributes_from_schema(schema)
+          attr_accessor *schema.scim_attributes.map(&:name)
+        end
+
+        def schema
+          @schema
+        end
+      end
+
+    end
+  end
+end

data/app/models/scimitar/schema/email.rb

@@ -0,0 +1,10 @@
+module Scimitar
+  module Schema
+
+    # Represents the schema for the Email complex type.
+    #
+    # See also Scimitar::ComplexTypes::Email
+    #
+    class Email < Vdtp; end
+  end
+end

data/app/models/scimitar/schema/entitlement.rb

@@ -0,0 +1,10 @@
+module Scimitar
+  module Schema
+
+    # Represents the schema for the Entitlement complex type.
+    #
+    # See also Scimitar::ComplexTypes::Entitlement
+    #
+    class Entitlement < Vdtp; end
+  end
+end

data/app/models/scimitar/schema/group.rb

@@ -0,0 +1,27 @@
+module Scimitar
+  module Schema
+    # Represents the schema for the Group resource
+    # See also Scimitar::Resources::Group
+    class Group < Base
+
+      def initialize(options = {})
+        super(name: 'Group',
+              id: self.class.id,
+              description: 'Represents a Group',
+              scim_attributes: self.class.scim_attributes)
+      end
+
+      def self.id
+        'urn:ietf:params:scim:schemas:core:2.0:Group'
+      end
+
+      def self.scim_attributes
+        [
+          Attribute.new(name: 'displayName', type: 'string', required: true),
+          Attribute.new(name: 'members', multiValued: true, complexType: Scimitar::ComplexTypes::ReferenceMember, mutability: 'readWrite')
+        ]
+      end
+
+    end
+  end
+end

data/app/models/scimitar/schema/ims.rb

@@ -0,0 +1,10 @@
+module Scimitar
+  module Schema
+
+    # Represents the schema for the Ims (Instant Messaging) complex type.
+    #
+    # See also Scimitar::ComplexTypes::Ims
+    #
+    class Ims < Vdtp; end
+  end
+end

data/app/models/scimitar/schema/name.rb

@@ -0,0 +1,20 @@
+module Scimitar
+  module Schema
+    # Represents the schema for the Name complex type
+    # See also Scimitar::ComplexTypes::Name
+    class Name < Base
+
+      def self.scim_attributes
+        @scim_attributes ||= [
+          Attribute.new(name: 'familyName',       type: 'string', required: true),
+          Attribute.new(name: 'givenName',        type: 'string', required: true),
+          Attribute.new(name: 'middleName',       type: 'string'),
+          Attribute.new(name: 'formatted',        type: 'string'),
+          Attribute.new(name: 'honorificPrefix',  type: 'string'),
+          Attribute.new(name: 'honorificSuffix',  type: 'string'),
+        ]
+      end
+
+    end
+  end
+end

data/app/models/scimitar/schema/phone_number.rb

@@ -0,0 +1,10 @@
+module Scimitar
+  module Schema
+
+    # Represents the schema for the PhoneNumber complex type.
+    #
+    # See also Scimitar::ComplexTypes::PhoneNumber
+    #
+    class PhoneNumber < Vdtp; end
+  end
+end

data/app/models/scimitar/schema/photo.rb

@@ -0,0 +1,10 @@
+module Scimitar
+  module Schema
+
+    # Represents the schema for the Photo complex type.
+    #
+    # See also Scimitar::ComplexTypes::Photo
+    #
+    class Photo < Vdtp; end
+  end
+end

data/app/models/scimitar/schema/reference_group.rb

@@ -0,0 +1,23 @@
+module Scimitar
+  module Schema
+
+    # Represents the schema for the ReferenceGroup complex type,
+    # referring to a group of which a user is a member - used in
+    # a User SCIM resource's "groups" array.
+    #
+    # These are always read-only, with no ability to change the
+    # membership list through a User. Change via Groups instead.
+    #
+    # See also Scimitar::ComplexTypes::ReferenceGroup
+    #
+    class ReferenceGroup < Base
+      def self.scim_attributes
+        @scim_attributes ||= [
+          Attribute.new(name: 'value',   type: 'string', mutability: 'readOnly', required: true),
+          Attribute.new(name: 'display', type: 'string', mutability: 'readOnly'),
+          Attribute.new(name: 'type',    type: 'string', mutability: 'readOnly'),
+        ]
+      end
+    end
+  end
+end

data/app/models/scimitar/schema/reference_member.rb

@@ -0,0 +1,21 @@
+module Scimitar
+  module Schema
+
+    # Represents the schema for the ReferenceMember complex type,
+    # referring to a member of a group (where members can themselves
+    # be Users or Groups, identified by the "type" attribute). Used
+    # by the Group SCIM resource's "members" array.
+    #
+    # See also Scimitar::ComplexTypes::ReferenceMember
+    #
+    class ReferenceMember < Base
+      def self.scim_attributes
+        @scim_attributes ||= [
+          Attribute.new(name: 'value',    type: 'string', mutability: 'immutable', required: true),
+          Attribute.new(name: 'type',     type: 'string', mutability: 'immutable'),
+          Attribute.new(name: 'display',  type: 'string', mutability: 'immutable'),
+        ]
+      end
+    end
+  end
+end

data/app/models/scimitar/schema/role.rb

@@ -0,0 +1,10 @@
+module Scimitar
+  module Schema
+
+    # Represents the schema for the Role complex type.
+    #
+    # See also Scimitar::ComplexTypes::Role
+    #
+    class Role < Vdtp; end
+  end
+end

data/app/models/scimitar/schema/user.rb

@@ -0,0 +1,52 @@
+module Scimitar
+  module Schema
+    # Represents the schema for the User resource
+    # See also Scimitar::Resources::User
+    class User < Base
+
+      def initialize(options = {})
+        super(name: 'User',
+              id: self.class.id,
+              description: 'Represents a User',
+              scim_attributes: self.class.scim_attributes)
+
+      end
+
+      def self.id
+        'urn:ietf:params:scim:schemas:core:2.0:User'
+      end
+
+      def self.scim_attributes
+        [
+          Attribute.new(name: 'userName',          type: 'string', uniqueness: 'server', required: true),
+
+          Attribute.new(name: 'name', complexType: Scimitar::ComplexTypes::Name),
+
+          Attribute.new(name: 'displayName',       type: 'string'),
+          Attribute.new(name: 'nickName',          type: 'string'),
+          Attribute.new(name: 'profileUrl',        type: 'string'),
+          Attribute.new(name: 'title',             type: 'string'),
+          Attribute.new(name: 'userType',          type: 'string'),
+          Attribute.new(name: 'preferredLanguage', type: 'string'),
+          Attribute.new(name: 'locale',            type: 'string'),
+          Attribute.new(name: 'timezone',          type: 'string'),
+
+          Attribute.new(name: 'active',            type: 'boolean'),
+
+          Attribute.new(name: 'password',          type: 'string', mutability: 'writeOnly', returned: 'never'),
+
+          Attribute.new(name: 'emails',           multiValued: true, complexType: Scimitar::ComplexTypes::Email),
+          Attribute.new(name: 'phoneNumbers',     multiValued: true, complexType: Scimitar::ComplexTypes::PhoneNumber),
+          Attribute.new(name: 'ims',              multiValued: true, complexType: Scimitar::ComplexTypes::Ims),
+          Attribute.new(name: 'photos',           multiValued: true, complexType: Scimitar::ComplexTypes::Photo),
+          Attribute.new(name: 'addresses',        multiValued: true, complexType: Scimitar::ComplexTypes::Address),
+          Attribute.new(name: 'groups',           multiValued: true, complexType: Scimitar::ComplexTypes::ReferenceGroup, mutability: 'readOnly'),
+          Attribute.new(name: 'entitlements',     multiValued: true, complexType: Scimitar::ComplexTypes::Entitlement),
+          Attribute.new(name: 'roles',            multiValued: true, complexType: Scimitar::ComplexTypes::Role),
+          Attribute.new(name: 'x509Certificates', multiValued: true, complexType: Scimitar::ComplexTypes::X509Certificate),
+        ]
+      end
+
+    end
+  end
+end

data/app/models/scimitar/schema/vdtp.rb

@@ -0,0 +1,18 @@
+module Scimitar
+  module Schema
+
+    # Represents a common schema for a few complex types; base class DRYs up
+    # code. "Vdtp" - Value, Display, Type, Primary.
+    #
+    class Vdtp < Base
+      def self.scim_attributes
+        @scim_attributes ||= [
+          Attribute.new(name: 'value',   type: 'string', required: Scimitar.engine_configuration.optional_value_fields_required),
+          Attribute.new(name: 'display', type: 'string', mutability: 'readOnly'),
+          Attribute.new(name: 'type',    type: 'string'),
+          Attribute.new(name: 'primary', type: 'boolean'),
+        ]
+      end
+    end
+  end
+end

data/app/models/scimitar/schema/x509_certificate.rb

@@ -0,0 +1,22 @@
+module Scimitar
+  module Schema
+
+    # Represents the schema for the X509Certificate complex type.
+    # The 'value' holds the certificate data.
+    #
+    # Similar to the Vdtp class, but the "value" field is of type "binary".
+    #
+    # See also Scimitar::ComplexTypes::X509Certificate
+    #
+    class X509Certificate < Base
+      def self.scim_attributes
+        @scim_attributes ||= [
+          Attribute.new(name: 'value',   type: 'binary', required: true),
+          Attribute.new(name: 'display', type: 'string', mutability: 'readOnly'),
+          Attribute.new(name: 'type',    type: 'string'),
+          Attribute.new(name: 'primary', type: 'boolean'),
+        ]
+      end
+    end
+  end
+end

data/app/models/scimitar/service_provider_configuration.rb

@@ -0,0 +1,60 @@
+module Scimitar
+
+  # Represents the service provider info. Used by the /ServiceProviderConfig
+  # endpoint to provide specification compliance, authentication schemes and
+  # data models. Renders to JSON as a SCIM ServiceProviderConfig type.
+  #
+  # See config/initializers/scimitar.rb for more information.
+  #
+  class ServiceProviderConfiguration
+    include ActiveModel::Model
+
+    attr_accessor(
+      :uses_defaults,
+      :patch,
+      :bulk,
+      :filter,
+      :changePassword,
+      :sort,
+      :etag,
+      :authenticationSchemes,
+      :schemas,
+      :meta,
+    )
+
+    def initialize(attributes = {})
+      @uses_defaults = attributes.empty?
+
+      defaults = {
+        bulk:           Supportable.unsupported,
+        changePassword: Supportable.unsupported,
+        sort:           Supportable.unsupported,
+        etag:           Supportable.unsupported,
+
+        patch: Supportable.supported,
+
+        filter: Scimitar::Filter.new(
+          supported:  true,
+          maxResults: Scimitar::Filter::MAX_RESULTS_DEFAULT
+        ),
+
+        schemas: ["urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"],
+
+        meta: Meta.new(
+          resourceType: 'ServiceProviderConfig',
+          created:      Time.now,
+          lastModified: Time.now,
+          version:      '1'
+        ),
+
+        authenticationSchemes: [
+          AuthenticationScheme.basic,
+          AuthenticationScheme.bearer
+        ]
+      }
+
+      super(defaults.merge(attributes))
+    end
+
+  end
+end

data/app/models/scimitar/supportable.rb

@@ -0,0 +1,14 @@
+module Scimitar
+  class Supportable
+    include ActiveModel::Model
+    attr_accessor :supported
+
+    def self.supported
+      new(supported: true)
+    end
+
+    def self.unsupported
+      new(supported: false)
+    end
+  end
+end

data/app/views/layouts/scimitar/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Scimitar</title>
+  <%= stylesheet_link_tag    "scimitar/application", media: "all" %>
+  <%= javascript_include_tag "scimitar/application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>