scim_engine 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 84aac5eb3121ba10036412a4c5d8ae959cf8fc99
+  data.tar.gz: f9c50a53333b47f4e6961dfa2a9fe256d2f207c7
+SHA512:
+  metadata.gz: 0bbf31701459d913599fdd83dd90b0120e19fc3c1cbff4133070293d93191044fb82fd2b2df79257544ee24618704d90946ebfea69ea632f243e30af0965584c
+  data.tar.gz: a53d3895e691a9aaa7ae5b4adfd7755d430c129b36b820c91a48568b03548a84e1b4673ab207dfae95b78ea03fd15c731369dda4a2c9bcc95c181e881cde6bdd

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2018 
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,25 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'ScimEngine'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+load 'rails/tasks/statistics.rake'
+
+
+
+Bundler::GemHelper.install_tasks

data/app/controllers/scim_engine/application_controller.rb

@@ -0,0 +1,36 @@
+module ScimEngine
+  class ApplicationController < ActionController::Base
+    before_action :require_scim
+    before_action :authenticate
+
+    protected
+
+    def authenticated?
+      authenticate_with_http_basic do |name, password|
+        name == ScimEngine::Engine.username && password == ScimEngine::Engine.password
+      end
+    end
+
+    def authenticate
+      handle_scim_error(ScimEngine::AuthenticationError.new) unless authenticated?
+    end
+
+    def handle_resource_not_found(exception)
+      handle_scim_error(NotFoundError.new(params[:id]))
+    end
+
+    def handle_record_invalid(error_message)
+      handle_scim_error(ErrorResponse.new(status: 400, detail: "Operation failed since record has become invalid: #{error_message}"))
+    end
+
+    def handle_scim_error(error_response)
+      render json: error_response, status: error_response.status
+    end
+
+    def require_scim
+      unless request.format == :scim
+        handle_scim_error(ErrorResponse.new(status: 406, detail: "Only #{Mime::Type.lookup_by_extension(:scim)} type is accepted."))
+      end
+    end
+  end
+end

data/app/controllers/scim_engine/resource_types_controller.rb

@@ -0,0 +1,22 @@
+require_dependency "scim_engine/application_controller"
+
+module ScimEngine
+  class ResourceTypesController < ApplicationController
+    def index
+      resource_types = ScimEngine::Engine.resources.map do |resource|
+        resource.resource_type(scim_resource_type_url(name: resource.resource_type_id))
+      end
+
+      render json: resource_types
+    end
+
+    def show
+      resource_types = ScimEngine::Engine.resources.reduce({}) do |hash, resource|
+        hash[resource.resource_type_id] = resource.resource_type(scim_resource_type_url(name: resource.resource_type_id))
+        hash
+      end
+
+      render json: resource_types[params[:name]]
+    end
+  end
+end

data/app/controllers/scim_engine/resources_controller.rb

@@ -0,0 +1,71 @@
+require_dependency "scim_engine/application_controller"
+
+module ScimEngine
+  class ResourcesController < ApplicationController
+
+    def show(&block)
+      scim_user = yield resource_params[:id]
+      render json: scim_user
+    rescue ErrorResponse => error
+      handle_scim_error(error)
+    end
+
+    def create(resource_type, &block)
+      if resource_params[:id].present? || resource_params[:externalId].present?
+        handle_scim_error(ErrorResponse.new(status: 400, detail: 'id and externalId are not valid parameters for create'))
+        return
+      end
+      with_scim_resource(resource_type) do |resource|
+        render json: yield(resource, is_create: true), status: :created
+      end
+    end
+
+    def update(resource_type, &block)
+      with_scim_resource(resource_type) do |resource|
+        render json: yield(resource)
+      end
+    end
+
+    def destroy
+      if yield(resource_params[:id]) != false
+        head :no_content
+      else
+        handle_scim_error(ErrorResponse.new(status: 500, detail: "Failed to delete the resource with id '#{params[:id]}'. Please try again later"))
+      end
+    end
+
+    protected
+
+    def validate_request
+      if request.raw_post.blank?
+        raise ScimEngine::ErrorResponse.new(status: 400, detail: 'must provide a request body')
+      end
+    end
+
+    def with_scim_resource(resource_type)
+      validate_request
+      begin
+        resource = resource_type.new(resource_params.to_h)
+        unless resource.valid?
+          raise ScimEngine::ErrorResponse.new(status: 400,
+                                              detail: "Invalid resource: #{resource.errors.full_messages.join(', ')}.",
+                                              scimType: 'invalidValue')
+        end
+
+        yield(resource)
+      rescue NoMethodError => error
+        Rails.logger.error error
+        raise ScimEngine::ErrorResponse.new(status: 400, detail: 'invalid request')
+      end
+    rescue ScimEngine::ErrorResponse => error
+      handle_scim_error(error)
+    end
+
+    private
+
+    def resource_params
+      params.permit!
+    end
+
+  end
+end

data/app/controllers/scim_engine/schemas_controller.rb

@@ -0,0 +1,16 @@
+require_dependency "scim_engine/application_controller"
+
+module ScimEngine
+  class SchemasController < ApplicationController
+    def index
+      schemas = ScimEngine::Engine.schemas
+      schemas_by_id = schemas.reduce({}) do |hash, schema|
+        hash[schema.id] = schema
+        hash
+      end
+
+      render json: schemas_by_id[params[:name]] || schemas
+    end
+
+  end
+end

data/app/controllers/scim_engine/service_provider_configurations_controller.rb

@@ -0,0 +1,8 @@
+require_dependency "scim_engine/application_controller"
+module ScimEngine
+  class ServiceProviderConfigurationsController < ApplicationController
+    def show
+      render json: ScimEngine.service_provider_configuration(location: request.url)
+    end
+  end
+end

data/app/models/scim_engine/authentication_error.rb

@@ -0,0 +1,9 @@
+module ScimEngine
+
+  class AuthenticationError < ErrorResponse
+    def initialize
+      super(status: 401, detail: 'Requires authentication')
+    end
+
+  end
+end

data/app/models/scim_engine/authentication_scheme.rb

@@ -0,0 +1,12 @@
+module ScimEngine
+  class AuthenticationScheme
+    include ActiveModel::Model
+    attr_accessor :type, :name, :description
+
+    def self.basic
+      new type: 'httpbasic',
+        name: 'HTTP Basic',
+        description: 'Authentication scheme using the HTTP Basic Standard'
+    end
+  end
+end

data/app/models/scim_engine/bulk.rb

@@ -0,0 +1,5 @@
+module ScimEngine
+  class Bulk < Supportable
+    attr_accessor :maxOperations, :maxPayloadSize
+  end
+end

data/app/models/scim_engine/complex_types/base.rb

@@ -0,0 +1,19 @@
+module ScimEngine
+  module ComplexTypes
+    class Base
+      include ActiveModel::Model
+      include ScimEngine::Schema::DerivedAttributes
+      include ScimEngine::Errors
+
+      def initialize(options={})
+        super
+        @errors = ActiveModel::Errors.new(self)
+      end
+
+      def as_json(options={})
+        options[:except] ||= ['errors']
+        super.except(options)
+      end
+    end
+  end
+end

data/app/models/scim_engine/complex_types/email.rb

@@ -0,0 +1,11 @@
+module ScimEngine
+  module ComplexTypes
+    class Email < Base
+      set_schema ScimEngine::Schema::Email
+
+      def as_json(options = {})
+        {'type' => 'work', 'primary' => true}.merge(super(options))
+      end
+    end
+  end
+end

data/app/models/scim_engine/complex_types/name.rb

@@ -0,0 +1,7 @@
+module ScimEngine
+  module ComplexTypes
+    class Name < Base
+      set_schema ScimEngine::Schema::Name
+    end
+  end
+end

data/app/models/scim_engine/complex_types/reference.rb

@@ -0,0 +1,7 @@
+module ScimEngine
+  module ComplexTypes
+    class Reference < Base
+      set_schema ScimEngine::Schema::Reference
+    end
+  end
+end

data/app/models/scim_engine/error_response.rb

@@ -0,0 +1,13 @@
+module ScimEngine
+  class ErrorResponse < StandardError
+    include ActiveModel::Model
+
+    attr_accessor :status, :detail, :scimType
+
+    def as_json(options = {})
+      {'schemas': ['urn:ietf:params:scim:api:messages:2.0:Error'],
+      'detail': detail,
+      'status': "#{status}"}.merge(scimType ? {'scimType': scimType} : {})
+    end
+  end
+end

data/app/models/scim_engine/errors.rb

@@ -0,0 +1,14 @@
+module ScimEngine
+  module Errors
+    def add_errors_from_hash(errors_hash, prefix: nil)
+      errors_hash.each_pair do |key, value|
+        new_key = prefix.nil? ? key : "#{prefix}.#{key}".to_sym
+        if value.is_a?(Array)
+          value.each {|error| errors.add(new_key, error)}
+        else
+          errors.add(new_key, value)
+        end
+      end
+    end
+  end
+end

data/app/models/scim_engine/filter.rb

@@ -0,0 +1,5 @@
+module ScimEngine
+  class Filter < Supportable
+    attr_accessor :maxResults
+  end
+end

data/app/models/scim_engine/meta.rb

@@ -0,0 +1,7 @@
+module ScimEngine
+  class Meta
+    include ActiveModel::Model
+
+    attr_accessor :resourceType, :created, :lastModified, :location, :version
+  end
+end

data/app/models/scim_engine/not_found_error.rb

@@ -0,0 +1,10 @@
+module ScimEngine
+
+  class NotFoundError < ErrorResponse
+
+    def initialize(id)
+      super(status: 404, detail: "Resource #{id} not found")
+    end
+
+  end
+end

data/app/models/scim_engine/resource_invalid_error.rb

@@ -0,0 +1,9 @@
+module ScimEngine
+  class ResourceInvalidError < ErrorResponse
+
+    def initialize(error_message)
+      super(status: 400, scimType: 'invalidValue', detail:"Operation failed since record has become invalid: #{error_message}")
+    end
+
+  end
+end

data/app/models/scim_engine/resource_type.rb

@@ -0,0 +1,28 @@
+module ScimEngine
+  class ResourceType
+    include ActiveModel::Model
+    attr_accessor :meta, :endpoint, :schema, :schemas, :id, :name, :schemaExtensions
+
+    def initialize(attributes = {})
+      default_attributes = {
+        meta: Meta.new(
+          'resourceType': 'ResourceType'
+        ),
+        schemas: ['urn:ietf:params:scim:schemas:core:2.0:ResourceType']
+      }
+      super(default_attributes.merge(attributes))
+    end
+
+
+    def as_json(options = {})
+      without_extensions = super(except: 'schemaExtensions')
+      if schemaExtensions.present?
+        extensions = schemaExtensions.map{|extension| {"schema" => extension, "required" => false}}
+        without_extensions.merge('schemaExtensions' => extensions)
+      else
+        without_extensions
+      end
+    end
+
+  end
+end

data/app/models/scim_engine/resources/base.rb

@@ -0,0 +1,110 @@
+module ScimEngine
+  module Resources
+    class Base
+      include ActiveModel::Model
+      include ScimEngine::Schema::DerivedAttributes
+      include ScimEngine::Errors
+
+      attr_accessor :id, :externalId, :meta
+      attr_reader :errors
+      validate :validate_resource
+
+      def initialize(options = {})
+        flattended_attributes = flatten_extension_attributes(options)
+        attributes = flattended_attributes.with_indifferent_access.slice(*self.class.all_attributes)
+        super(attributes)
+        constantize_complex_types(attributes)
+        @errors = ActiveModel::Errors.new(self)
+      end
+
+      def flatten_extension_attributes(options)
+        flattened = options.dup
+        self.class.extended_schemas.each do |extended_schema|
+          if extension_attrs = flattened.delete(extended_schema.id)
+            flattened.merge!(extension_attrs)
+          end
+        end
+        flattened
+      end
+
+      def self.extend_schema(schema)
+        derive_attributes_from_schema(schema)
+        extended_schemas << schema
+      end
+
+      def self.extended_schemas
+        @extended_schemas ||= []
+      end
+
+      def self.schemas
+        ([schema] + extended_schemas).flatten
+      end
+
+      def self.all_attributes
+        scim_attributes = schemas.map(&:scim_attributes).flatten.map(&:name)
+        scim_attributes + [:id, :externalId, :meta]
+      end
+
+      def self.complex_scim_attributes
+        schema.scim_attributes.select(&:complexType).group_by(&:name)
+      end
+
+      def complex_type_from_hash(scim_attribute, attr_value)
+        if attr_value.is_a?(Hash)
+          scim_attribute.complexType.new(attr_value)
+        else
+          attr_value
+        end
+      end
+
+      def constantize_complex_types(hash)
+        hash.with_indifferent_access.each_pair do |attr_name, attr_value|
+          scim_attribute = self.class.complex_scim_attributes[attr_name].try(:first)
+          if scim_attribute && scim_attribute.complexType
+            if scim_attribute.multiValued
+              self.send("#{attr_name}=", attr_value.map {|attr_for_each_item| complex_type_from_hash(scim_attribute, attr_for_each_item)})
+            else
+              self.send("#{attr_name}=", complex_type_from_hash(scim_attribute, attr_value))
+            end
+          end
+        end
+      end
+
+      def as_json(options = {})
+        self.meta = Meta.new unless self.meta
+        meta.resourceType = self.class.resource_type_id
+        original_hash = super(options).except('errors')
+        original_hash.merge!("schemas" => self.class.schemas.map(&:id))
+        self.class.extended_schemas.each do |extension_schema|
+          extension_attributes = extension_schema.scim_attributes.map(&:name)
+          original_hash.merge!(extension_schema.id => original_hash.extract!(*extension_attributes))
+        end
+        original_hash
+      end
+
+      def self.resource_type_id
+        name.demodulize
+      end
+
+      def self.resource_type(location)
+        resource_type = ResourceType.new(
+          endpoint: endpoint,
+          schema: schema.id,
+          id: resource_type_id,
+          name: resource_type_id,
+          schemaExtensions: extended_schemas.map(&:id)
+        )
+
+        resource_type.meta.location = location
+        resource_type
+      end
+
+      def validate_resource
+        self.class.schema.valid?(self)
+        self.class.extended_schemas.each do |extended_schema|
+          extended_schema.valid?(self)
+        end
+      end
+    end
+  end
+end

data/app/models/scim_engine/resources/group.rb

@@ -0,0 +1,13 @@
+module ScimEngine
+  module Resources
+    class Group < Base
+
+      set_schema Schema::Group
+
+      def self.endpoint
+        "/Groups"
+      end
+
+    end
+  end
+end

data/app/models/scim_engine/resources/user.rb

@@ -0,0 +1,13 @@
+module ScimEngine
+  module Resources
+    class User < Base
+
+      set_schema Schema::User
+
+      def self.endpoint
+        "/Users"
+      end
+
+    end
+  end
+end

data/app/models/scim_engine/schema/attribute.rb

@@ -0,0 +1,82 @@
+module ScimEngine
+  module Schema
+    class Attribute
+      include ActiveModel::Model
+      include ScimEngine::Errors
+      attr_accessor :name, :type, :multiValued, :required, :caseExact, :mutability, :returned, :uniqueness, :subAttributes, :complexType, :canonicalValues
+
+      def initialize(options = {})
+        defaults = {
+          multiValued: false,
+          required: true,
+          caseExact: false,
+          mutability: 'readWrite',
+          uniqueness: 'none',
+          returned: 'default',
+          canonicalValues: []
+        }
+
+        if options[:complexType]
+          defaults.merge!(type: 'complex', subAttributes: options[:complexType].schema.scim_attributes)
+        end
+
+        super(defaults.merge(options || {}))
+      end
+
+      def valid?(value)
+        return valid_blank? if value.blank? && !value.is_a?(FalseClass)
+
+        if type == 'complex'
+          return all_valid?(complexType, value) if multiValued
+          valid_complex_type?(value)
+        else
+          valid_simple_type?(value)
+        end
+      end
+
+      def valid_blank?
+        return true unless self.required
+        errors.add(self.name, "is required")
+        false
+      end
+
+      def valid_complex_type?(value)
+        if !value.class.respond_to?(:schema) || value.class.schema != complexType.schema
+          errors.add(self.name, "has to follow the complexType format.")
+          return false
+        end
+        value.class.schema.valid?(value)
+        return true if value.errors.empty?
+        add_errors_from_hash(value.errors.to_hash, prefix: self.name)
+        false
+      end
+
+      def valid_simple_type?(value)
+        valid = (type == 'string' && value.is_a?(String)) ||
+          (type == 'boolean' && (value.is_a?(TrueClass) || value.is_a?(FalseClass))) ||
+          (type == 'integer' && (value.is_a?(Integer))) ||
+          (type == 'dateTime' && valid_date_time?(value))
+        errors.add(self.name, "has the wrong type. It has to be a(n) #{self.type}.") unless valid
+        valid
+      end
+
+      def valid_date_time?(value)
+        !!Time.iso8601(value)
+      rescue ArgumentError
+        false
+      end
+
+      def all_valid?(complex_type, value)
+        validations = value.map {|value_in_array| valid_complex_type?(value_in_array)}
+        validations.all?
+      end
+
+      def as_json(options = {})
+        options[:except] ||= ['complexType']
+        options[:except] << 'canonicalValues' if canonicalValues.empty?
+        super.except(options)
+      end
+
+    end
+  end
+end

data/app/models/scim_engine/schema/base.rb

@@ -0,0 +1,30 @@
+module ScimEngine
+  module Schema
+    class Base
+      include ActiveModel::Model
+      attr_accessor :id, :name, :description, :scim_attributes, :meta
+
+      def initialize(options = {})
+        super
+        @meta = Meta.new(resourceType: "Schema")
+      end
+
+      def as_json(options = {})
+        @meta.location = ScimEngine::Engine.routes.url_helpers.scim_schemas_path(name: id)
+        original = super
+        original.merge('attributes' => original.delete('scim_attributes'))
+      end
+
+      def self.valid?(resource)
+        cloned_scim_attributes.each do |scim_attribute|
+          resource.add_errors_from_hash(scim_attribute.errors.to_hash) unless scim_attribute.valid?(resource.send(scim_attribute.name))
+        end
+      end
+
+      def self.cloned_scim_attributes
+        scim_attributes.map { |scim_attribute| scim_attribute.clone }
+      end
+
+    end
+  end
+end

data/app/models/scim_engine/schema/derived_attributes.rb

@@ -0,0 +1,24 @@
+module ScimEngine
+  module Schema
+    module DerivedAttributes
+      extend ActiveSupport::Concern
+
+      class_methods do
+        def set_schema(schema)
+          @schema = schema
+          derive_attributes_from_schema(schema)
+          schema
+        end
+
+        def derive_attributes_from_schema(schema)
+          attr_accessor *schema.scim_attributes.map(&:name)
+        end
+
+        def schema
+          @schema
+        end
+      end
+
+    end
+  end
+end