scim_engine 1.0.0

data/app/models/scim_engine/schema/email.rb

@@ -0,0 +1,13 @@
+module ScimEngine
+  module Schema
+    class Email < Base
+      def self.scim_attributes
+        @scim_attributes ||= [
+          Attribute.new(name: 'value', type: 'string'),
+          Attribute.new(name: 'primary', type: 'boolean', required: false),
+          Attribute.new(name: 'type', type: 'string', required: false)
+        ]
+      end
+    end
+  end
+end

data/app/models/scim_engine/schema/group.rb

@@ -0,0 +1,25 @@
+module ScimEngine
+  module Schema
+    class Group < Base
+
+      def initialize(options = {})
+        super(name: 'Group',
+              id: self.class.id,
+              description: 'Represents a Group',
+              scim_attributes: self.class.scim_attributes)
+      end
+
+      def self.id
+        'urn:ietf:params:scim:schemas:core:2.0:Group'
+      end
+
+      def self.scim_attributes
+        [
+          Attribute.new(name: 'displayName', type: 'string'),
+          Attribute.new(name: 'members', multiValued: true, complexType: ScimEngine::ComplexTypes::Reference, mutability: 'readOnly', required: false)
+        ]
+      end
+
+    end
+  end
+end

data/app/models/scim_engine/schema/name.rb

@@ -0,0 +1,15 @@
+module ScimEngine
+  module Schema
+    class Name < Base
+
+      def self.scim_attributes
+        @scim_attributes ||= [
+          Attribute.new(name: 'familyName', type: 'string'),
+          Attribute.new(name: 'givenName', type: 'string'),
+          Attribute.new(name: 'formatted', type: 'string', required: false)
+        ]
+      end
+
+    end
+  end
+end

data/app/models/scim_engine/schema/reference.rb

@@ -0,0 +1,12 @@
+module ScimEngine
+  module Schema
+    class Reference < Base
+      def self.scim_attributes
+        @scim_attributes ||= [
+          Attribute.new(name: 'value', type: 'string', mutability: 'readOnly'),
+          Attribute.new(name: 'display', type: 'string', mutability: 'readOnly', required: false)
+        ]
+      end
+    end
+  end
+end

data/app/models/scim_engine/schema/user.rb

@@ -0,0 +1,28 @@
+module ScimEngine
+  module Schema
+    class User < Base
+
+      def initialize(options = {})
+        super(name: 'User',
+              id: self.class.id,
+              description: 'Represents a User',
+              scim_attributes: self.class.scim_attributes)
+
+      end
+
+      def self.id
+        'urn:ietf:params:scim:schemas:core:2.0:User'
+      end
+
+      def self.scim_attributes
+        [
+          Attribute.new(name: 'userName', type: 'string', uniqueness: 'server'),
+          Attribute.new(name: 'name', complexType: ScimEngine::ComplexTypes::Name),
+          Attribute.new(name: 'emails', multiValued: true, complexType: ScimEngine::ComplexTypes::Email),
+          Attribute.new(name: 'groups', multiValued: true, mutability: 'immutable', complexType: ScimEngine::ComplexTypes::Reference)
+        ]
+      end
+
+    end
+  end
+end

data/app/models/scim_engine/service_provider_configuration.rb

@@ -0,0 +1,30 @@
+module ScimEngine
+  class ServiceProviderConfiguration
+    include ActiveModel::Model
+
+    attr_accessor :patch, :bulk, :filter, :changePassword,
+      :sort, :etag, :authenticationSchemes,
+      :schemas, :meta
+
+    def initialize(attributes = {})
+      defaults = {
+        bulk: Supportable.unsupported,
+        patch: Supportable.unsupported,
+        filter: Supportable.unsupported,
+        changePassword: Supportable.unsupported,
+        sort: Supportable.unsupported,
+        etag: Supportable.unsupported,
+        schemas: ["urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"],
+        meta: Meta.new(
+          resourceType: 'ServiceProviderConfig',
+          created: Time.now,
+          lastModified: Time.now,
+          version: '1'
+        ),
+        authenticationSchemes: [AuthenticationScheme.basic]
+      }
+      super(defaults.merge(attributes))
+    end
+
+  end
+end

data/app/models/scim_engine/supportable.rb

@@ -0,0 +1,10 @@
+module ScimEngine
+  class Supportable
+    include ActiveModel::Model
+    attr_accessor :supported
+
+    def self.unsupported
+      new(supported: false)
+    end
+  end
+end

data/app/views/layouts/scim_engine/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>ScimEngine</title>
+  <%= stylesheet_link_tag    "scim_engine/application", media: "all" %>
+  <%= javascript_include_tag "scim_engine/application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/routes.rb

@@ -0,0 +1,6 @@
+ScimEngine::Engine.routes.draw do
+  get 'ServiceProviderConfig', to: 'service_provider_configurations#show'
+  get 'ResourceTypes', to: 'resource_types#index'
+  get 'ResourceTypes/:name', to: 'resource_types#show', as: :scim_resource_type
+  get 'Schemas', to: 'schemas#index', as: :scim_schemas
+end

data/lib/scim_engine/engine.rb

@@ -0,0 +1,35 @@
+module ScimEngine
+  class Engine < ::Rails::Engine
+    isolate_namespace ScimEngine
+
+    Mime::Type.register "application/scim+json",:scim
+
+    ActionDispatch::Request.parameter_parsers[Mime::Type.lookup('application/scim+json').symbol] = lambda do |body|
+      JSON.parse(body)
+    end
+
+    mattr_accessor :username
+    mattr_accessor :password
+
+    def self.resources
+      default_resources + custom_resources
+    end
+
+    def self.add_custom_resource(resource)
+      custom_resources << resource
+    end
+
+    def self.custom_resources
+      @custom_resources ||= []
+    end
+
+    def self.default_resources
+      [ Resources::User, Resources::Group ]
+    end
+
+    def self.schemas
+      resources.map(&:schemas).flatten.uniq.map(&:new)
+    end
+
+  end
+end

data/lib/scim_engine/version.rb

@@ -0,0 +1,3 @@
+module ScimEngine
+  VERSION = "1.0.0"
+end

data/lib/scim_engine.rb

@@ -0,0 +1,13 @@
+require "scim_engine/engine"
+
+module ScimEngine
+  def self.service_provider_configuration=(custom_configuration)
+    @service_provider_configuration = custom_configuration
+  end
+
+  def self.service_provider_configuration(location:)
+    @service_provider_configuration ||= ServiceProviderConfiguration.new
+    @service_provider_configuration.meta.location = location
+    @service_provider_configuration
+  end
+end

data/lib/tasks/scim_engine_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :scim_engine do
+#   # Task goes here
+# end

data/spec/controllers/scim_engine/application_controller_spec.rb

@@ -0,0 +1,104 @@
+require 'rails_helper'
+
+describe ScimEngine::ApplicationController do
+
+  context 'custom authentication' do
+    before do
+      allow(ScimEngine::Engine).to receive(:username) { 'A' }
+      allow(ScimEngine::Engine).to receive(:password) { 'B' }
+    end
+
+    controller do
+      rescue_from StandardError, with: :handle_resource_not_found
+
+      def index
+        render json: { 'message' => 'cool, cool!' }, format: :scim
+      end
+    end
+
+    it 'renders success when valid creds are given' do
+      request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials('A', 'B')
+
+      get :index, params: { format: :scim }
+      expect(response).to be_ok
+      expect(JSON.parse(response.body)).to eql({ 'message' => 'cool, cool!' })
+    end
+
+    it 'renders failure with bad password' do
+      request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials('A', 'C')
+
+      get :index, params: { format: :scim }
+      expect(response).not_to be_ok
+    end
+
+    it 'renders failure with bad user name' do
+      request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials('C', 'B')
+
+      get :index, params: { format: :scim }
+      expect(response).not_to be_ok
+    end
+
+
+    it 'renders failure with bad user name and password' do
+      request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials('C', 'D')
+
+      get :index, params: { format: :scim }
+      expect(response).not_to be_ok
+    end
+
+
+
+  end
+
+
+  context 'authenticated' do
+    controller do
+      rescue_from StandardError, with: :handle_resource_not_found
+
+      def index
+        render json: { 'message' => 'cool, cool!' }, format: :scim
+      end
+
+      def authenticated?
+        true
+      end
+    end
+
+    describe 'authenticate' do
+      it 'renders index if authenticated' do
+        get :index, params: { format: :scim }
+        expect(response).to be_ok
+        expect(JSON.parse(response.body)).to eql({ 'message' => 'cool, cool!' })
+      end
+
+      it 'renders not authorized response if not authenticated' do
+        allow(controller).to receive(:authenticated?) { false }
+        get :index, params: { format: :scim }
+        expect(response).to have_http_status(:unauthorized)
+        parsed_body = JSON.parse(response.body)
+        expect(parsed_body).to include('schemas' => ['urn:ietf:params:scim:api:messages:2.0:Error'])
+        expect(parsed_body).to include('detail' => 'Requires authentication')
+        expect(parsed_body).to include('status' => '401')
+      end
+
+      it 'renders resource not found response when resource cannot be found for the given id' do
+        allow(controller).to receive(:index).and_raise(StandardError)
+        get :index, params: { id: 10, format: :scim }
+        expect(response).to have_http_status(:not_found)
+        parsed_body = JSON.parse(response.body)
+        expect(parsed_body).to include('schemas' => ['urn:ietf:params:scim:api:messages:2.0:Error'])
+        expect(parsed_body).to include('detail' => 'Resource 10 not found')
+        expect(parsed_body).to include('status' => '404')
+      end
+    end
+
+    describe 'require_scim' do
+      it 'renders not acceptable if the request does not use scim type' do
+        get :index
+        expect(response).to have_http_status(:not_acceptable)
+
+        expect(JSON.parse(response.body)['detail']).to eql('Only application/scim+json type is accepted.')
+      end
+    end
+  end
+end

data/spec/controllers/scim_engine/resource_types_controller_spec.rb

@@ -0,0 +1,78 @@
+require 'rails_helper'
+
+describe ScimEngine::ResourceTypesController do
+  routes { ScimEngine::Engine.routes }
+
+  before(:each) { allow(controller).to receive(:authenticated?).and_return(true) }
+
+  describe 'GET index' do
+    it 'renders the resource type for user' do
+      get :index, format: :scim
+      response_hash = JSON.parse(response.body)
+      expected_response = [ ScimEngine::Resources::User.resource_type(scim_resource_type_url(name: 'User')),
+                            ScimEngine::Resources::Group.resource_type(scim_resource_type_url(name: 'Group'))
+      ].to_json
+
+      response_hash = JSON.parse(response.body)
+      expect(response_hash).to eql(JSON.parse(expected_response))
+    end
+
+    it 'renders custom resource types' do
+      custom_resource = Class.new(ScimEngine::Resources::Base) do
+        set_schema ScimEngine::Schema::User
+
+        def self.endpoint
+          "/Gaga"
+        end
+
+        def self.resource_type_id
+          'Gaga'
+        end
+      end
+
+      allow(ScimEngine::Engine).to receive(:custom_resources) {[ custom_resource ]}
+
+      get :index, params: { format: :scim }
+      response_hash = JSON.parse(response.body)
+      expect(response_hash.size).to eql(3)
+    end
+  end
+
+  describe 'GET show' do
+    it 'renders the resource type for user' do
+      get :show, params: { name: 'User', format: :scim }
+      response_hash = JSON.parse(response.body)
+      expected_response = ScimEngine::Resources::User.resource_type(scim_resource_type_url(name: 'User')).to_json
+      expect(response_hash).to eql(JSON.parse(expected_response))
+    end
+
+    it 'renders the resource type for group' do
+      get :show, params: { name: 'Group', format: :scim }
+      response_hash = JSON.parse(response.body)
+      expected_response = ScimEngine::Resources::Group.resource_type(scim_resource_type_url(name: 'Group')).to_json
+      expect(response_hash).to eql(JSON.parse(expected_response))
+    end
+
+    it 'renders custom resource type' do
+      custom_resource = Class.new(ScimEngine::Resources::Base) do
+        set_schema ScimEngine::Schema::User
+
+        def self.endpoint
+          "/Gaga"
+        end
+
+        def self.resource_type_id
+          'Gaga'
+        end
+      end
+
+      allow(ScimEngine::Engine).to receive(:custom_resources) {[ custom_resource ]}
+
+
+      get :show, params: { name: 'Gaga', format: :scim }
+      response_hash = JSON.parse(response.body)
+      expected_response = custom_resource.resource_type(scim_resource_type_url(name: 'Gaga')).to_json
+      expect(response_hash).to eql(JSON.parse(expected_response))
+    end
+  end
+end

data/spec/controllers/scim_engine/resources_controller_spec.rb

@@ -0,0 +1,134 @@
+require 'rails_helper'
+
+describe ScimEngine::ResourcesController do
+
+  before(:each) { allow(controller).to receive(:authenticated?).and_return(true) }
+
+  controller do
+    def show
+      super do |id|
+        ScimEngine::Resources::Group.new(id: id)
+      end
+    end
+
+    def create
+      super(ScimEngine::Resources::Group) do |resource|
+        resource
+      end
+    end
+
+    def update
+      super(ScimEngine::Resources::Group) do |resource|
+        resource
+      end
+    end
+
+    def destroy
+      super do |id|
+        successful_delete?
+      end
+    end
+
+    def successful_delete?
+      true
+    end
+  end
+
+  describe 'GET show' do
+    it 'renders the resource' do
+      get :show, params: { id: '10', format: :scim }
+
+      expect(response).to be_ok
+      expect(JSON.parse(response.body)).to include('id' => '10')
+    end
+  end
+
+  describe 'POST create' do
+    it 'returns error if body is missing' do
+      post :create, params: { format: :scim }
+      expect(response.status).to eql(400)
+      expect(JSON.parse(response.body)['detail']).to eql('must provide a request body')
+    end
+
+    it 'works if the request is valid' do
+      post :create, params: { displayName: 'Sauron biz', format: :scim }
+      expect(response).to have_http_status(:created)
+      expect(JSON.parse(response.body)['displayName']).to eql('Sauron biz')
+    end
+
+    it 'renders error if resource object cannot be built from the params' do
+      put :update, params: { id: 'group-id', name: {email: 'a@b.com'}, format: :scim }
+      expect(response.status).to eql(400)
+      expect(JSON.parse(response.body)['detail']).to match(/^Invalid/)
+    end
+
+    it 'renders application side error' do
+      allow_any_instance_of(ScimEngine::Resources::Group).to receive(:to_json).and_raise(ScimEngine::ErrorResponse.new(status: 400, detail: 'gaga'))
+      put :update, params: { id: 'group-id', displayName: 'invalid name', format: :scim }
+      expect(response.status).to eql(400)
+      expect(JSON.parse(response.body)['detail']).to eql('gaga')
+    end
+
+    it 'renders error if id is provided' do
+      post :create, params: { id: 'some-id', displayName: 'sauron', format: :scim }
+
+      expect(response).to have_http_status(:bad_request)
+
+      parsed_response = JSON.parse(response.body)
+      expect(parsed_response['detail']).to start_with('id and externalId are not valid parameters for create')
+    end
+
+    it 'renders error if externalId is provided' do
+      post :create, params: { externalId: 'some-id', displayName: 'sauron', format: :scim }
+
+      expect(response).to have_http_status(:bad_request)
+
+      parsed_response = JSON.parse(response.body)
+      expect(parsed_response['detail']).to start_with('id and externalId are not valid parameters for create')
+    end
+  end
+
+  describe 'PUT update' do
+    it 'returns error if body is missing' do
+      put :update, params: { id: 'group-id', format: :scim }
+      expect(response.status).to eql(400)
+      expect(JSON.parse(response.body)['detail']).to eql('must provide a request body')
+    end
+
+    it 'works if the request is valid' do
+      put :update, params: { id: 'group-id', displayName: 'sauron', format: :scim }
+      expect(response.status).to eql(200)
+      expect(JSON.parse(response.body)['displayName']).to eql('sauron')
+    end
+
+    it 'renders error if resource object cannot be built from the params' do
+      put :update, params: { id: 'group-id', name: {email: 'a@b.com'}, format: :scim }
+      expect(response.status).to eql(400)
+      expect(JSON.parse(response.body)['detail']).to match(/^Invalid/)
+    end
+
+    it 'renders application side error' do
+      allow_any_instance_of(ScimEngine::Resources::Group).to receive(:to_json).and_raise(ScimEngine::ErrorResponse.new(status: 400, detail: 'gaga'))
+      put :update, params: { id: 'group-id', displayName: 'invalid name', format: :scim }
+      expect(response.status).to eql(400)
+      expect(JSON.parse(response.body)['detail']).to eql('gaga')
+    end
+
+  end
+
+  describe 'DELETE destroy' do
+    it 'returns an empty response with no content status if deletion is successful' do
+      delete :destroy, params: { id: 'group-id', format: :scim }
+      expect(response).to have_http_status(:no_content)
+      expect(response.body).to be_empty
+    end
+
+    it 'renders error if deletion fails' do
+      allow(controller).to receive(:successful_delete?).and_return(false)
+      delete :destroy, params: { id: 'group-id', format: :scim }
+      expect(response).to have_http_status(:internal_server_error)
+      parsed_response = JSON.parse(response.body)
+      expect(parsed_response['detail']).to eql("Failed to delete the resource with id 'group-id'. Please try again later")
+    end
+  end
+end

data/spec/controllers/scim_engine/schemas_controller_spec.rb

@@ -0,0 +1,66 @@
+require 'rails_helper'
+
+describe ScimEngine::SchemasController do
+
+  before(:each) { allow(controller).to receive(:authenticated?).and_return(true) }
+
+  controller do
+    def index
+      super
+    end
+  end
+  describe '#index' do
+    it 'returns a collection of supported schemas' do
+      get :index, params: { format: :scim }
+      expect(response).to be_ok
+      parsed_body = JSON.parse(response.body)
+      expect(parsed_body.length).to eql(2)
+      schema_names = parsed_body.map {|schema| schema['name']}
+      expect(schema_names).to match_array(['User', 'Group'])
+    end
+
+    it 'returns only the User schema when its id is provided' do
+      get :index, params: { name: ScimEngine::Schema::User.id, format: :scim }
+      expect(response).to be_ok
+      parsed_body = JSON.parse(response.body)
+      expect(parsed_body['name']).to eql('User')
+    end
+
+    it 'returns only the Group schema when its id is provided' do
+      get :index, params: { name: ScimEngine::Schema::Group.id, format: :scim }
+      expect(response).to be_ok
+      parsed_body = JSON.parse(response.body)
+      expect(parsed_body['name']).to eql('Group')
+    end
+
+    it 'returns only the License schemas when its id is provided' do
+      license_schema = Class.new(ScimEngine::Schema::Base) do
+        def initialize(options = {})
+        super(name: 'License',
+              id: self.class.id,
+              description: 'Represents a License')
+        end
+        def self.id
+          'License'
+        end
+        def self.scim_attributes
+          []
+        end
+      end
+
+      license_resource = Class.new(ScimEngine::Resources::Base) do
+        set_schema license_schema
+        def self.endopint
+          '/Gaga'
+        end
+      end
+
+      allow(ScimEngine::Engine).to receive(:custom_resources) {[license_resource]}
+      get :index, params: { name: license_schema.id, format: :scim }
+      expect(response).to be_ok
+      parsed_body = JSON.parse(response.body)
+      expect(parsed_body['name']).to eql('License')
+    end
+  end
+end
+

data/spec/controllers/scim_engine/service_provider_configurations_controller_spec.rb

@@ -0,0 +1,21 @@
+require 'rails_helper'
+
+describe ScimEngine::ServiceProviderConfigurationsController do
+
+  before(:each) { allow(controller).to receive(:authenticated?).and_return(true) }
+
+  controller do
+    def show
+      super
+    end
+  end
+  describe '#show' do
+    it 'renders the servive provider configurations' do
+      get :show, params: { id: 'fake', format: :scim }
+
+      expect(response).to be_ok
+      expect(JSON.parse(response.body)).to include('patch' => {'supported' => false})
+    end
+  end
+
+end

data/spec/dummy/README.rdoc

@@ -0,0 +1,28 @@
+== README
+
+This README would normally document whatever steps are necessary to get the
+application up and running.
+
+Things you may want to cover:
+
+* Ruby version
+
+* System dependencies
+
+* Configuration
+
+* Database creation
+
+* Database initialization
+
+* How to run the test suite
+
+* Services (job queues, cache servers, search engines, etc.)
+
+* Deployment instructions
+
+* ...
+
+
+Please feel free to use a different markup language if you do not plan to run
+<tt>rake doc:app</tt>.

data/spec/dummy/Rakefile

@@ -0,0 +1,6 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Rails.application.load_tasks

data/spec/dummy/app/assets/javascripts/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .