scim_engine 2.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: f3cbd57ab672582d1708e7e6f534331bd523706c
+  data.tar.gz: 2e91e1a79a20c400ae2b43b01b1cef6b6fe774c4
+SHA512:
+  metadata.gz: bc7d7d6064b5abe6fa107780c6b5243b5dc01ca87a56ab512b31d27707d43d15349d60a5f68e1dd954483eb9ff201ddb57bea15eda819f15e74305077b7844da
+  data.tar.gz: 7f433b3c515d42c72e16ec1a29eb897eb6b4c0dd59c7be8f5f9466dd0499a8b1dbfcce40bf55dbd14e1e68ec6b8183c8774e7f90a9f172e09bc809203be8f2ca

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2018 
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,25 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'ScimEngine'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+load 'rails/tasks/statistics.rake'
+
+
+
+Bundler::GemHelper.install_tasks

data/app/controllers/scim_engine/application_controller.rb

@@ -0,0 +1,36 @@
+module ScimEngine
+  class ApplicationController < ActionController::Base
+    before_action :require_scim
+    before_action :authenticate
+
+    protected
+
+    def authenticated?
+      authenticate_with_http_basic do |name, password|
+        name == ScimEngine::Engine.username && password == ScimEngine::Engine.password
+      end
+    end
+
+    def authenticate
+      handle_scim_error(ScimEngine::AuthenticationError.new) unless authenticated?
+    end
+
+    def handle_resource_not_found(exception)
+      handle_scim_error(NotFoundError.new(params[:id]))
+    end
+
+    def handle_record_invalid(error_message)
+      handle_scim_error(ErrorResponse.new(status: 400, detail: "Operation failed since record has become invalid: #{error_message}"))
+    end
+
+    def handle_scim_error(error_response)
+      render json: error_response, status: error_response.status
+    end
+
+    def require_scim
+      unless request.format == :scim
+        handle_scim_error(ErrorResponse.new(status: 406, detail: "Only #{Mime::Type.lookup_by_extension(:scim)} type is accepted."))
+      end
+    end
+  end
+end

data/app/controllers/scim_engine/resource_types_controller.rb

@@ -0,0 +1,22 @@
+require_dependency "scim_engine/application_controller"
+
+module ScimEngine
+  class ResourceTypesController < ApplicationController
+    def index
+      resource_types = ScimEngine::Engine.resources.map do |resource|
+        resource.resource_type(scim_resource_type_url(name: resource.resource_type_id))
+      end
+
+      render json: resource_types
+    end
+
+    def show
+      resource_types = ScimEngine::Engine.resources.reduce({}) do |hash, resource|
+        hash[resource.resource_type_id] = resource.resource_type(scim_resource_type_url(name: resource.resource_type_id))
+        hash
+      end
+
+      render json: resource_types[params[:name]]
+    end
+  end
+end

data/app/controllers/scim_engine/resources_controller.rb

@@ -0,0 +1,71 @@
+require_dependency "scim_engine/application_controller"
+
+module ScimEngine
+  class ResourcesController < ApplicationController
+
+    def show(&block)
+      scim_user = yield resource_params[:id]
+      render json: scim_user
+    rescue ErrorResponse => error
+      handle_scim_error(error)
+    end
+
+    def create(resource_type, &block)
+      if resource_params[:id].present?
+        handle_scim_error(ErrorResponse.new(status: 400, detail: 'id is not a valid parameter for create'))
+        return
+      end
+      with_scim_resource(resource_type) do |resource|
+        render json: yield(resource, is_create: true), status: :created
+      end
+    end
+
+    def update(resource_type, &block)
+      with_scim_resource(resource_type) do |resource|
+        render json: yield(resource)
+      end
+    end
+
+    def destroy
+      if yield(resource_params[:id]) != false
+        head :no_content
+      else
+        handle_scim_error(ErrorResponse.new(status: 500, detail: "Failed to delete the resource with id '#{params[:id]}'. Please try again later"))
+      end
+    end
+
+    protected
+
+    def validate_request
+      if request.raw_post.blank?
+        raise ScimEngine::ErrorResponse.new(status: 400, detail: 'must provide a request body')
+      end
+    end
+
+    def with_scim_resource(resource_type)
+      validate_request
+      begin
+        resource = resource_type.new(resource_params.to_h)
+        unless resource.valid?
+          raise ScimEngine::ErrorResponse.new(status: 400,
+                                              detail: "Invalid resource: #{resource.errors.full_messages.join(', ')}.",
+                                              scimType: 'invalidValue')
+        end
+
+        yield(resource)
+      rescue NoMethodError => error
+        Rails.logger.error error
+        raise ScimEngine::ErrorResponse.new(status: 400, detail: 'invalid request')
+      end
+    rescue ScimEngine::ErrorResponse => error
+      handle_scim_error(error)
+    end
+
+    private
+
+    def resource_params
+      params.permit!
+    end
+
+  end
+end

data/app/controllers/scim_engine/schemas_controller.rb

@@ -0,0 +1,16 @@
+require_dependency "scim_engine/application_controller"
+
+module ScimEngine
+  class SchemasController < ApplicationController
+    def index
+      schemas = ScimEngine::Engine.schemas
+      schemas_by_id = schemas.reduce({}) do |hash, schema|
+        hash[schema.id] = schema
+        hash
+      end
+
+      render json: schemas_by_id[params[:name]] || schemas
+    end
+
+  end
+end

data/app/controllers/scim_engine/service_provider_configurations_controller.rb

@@ -0,0 +1,8 @@
+require_dependency "scim_engine/application_controller"
+module ScimEngine
+  class ServiceProviderConfigurationsController < ApplicationController
+    def show
+      render json: ScimEngine.service_provider_configuration(location: request.url)
+    end
+  end
+end

data/app/models/scim_engine/authentication_error.rb

@@ -0,0 +1,9 @@
+module ScimEngine
+
+  class AuthenticationError < ErrorResponse
+    def initialize
+      super(status: 401, detail: 'Requires authentication')
+    end
+
+  end
+end

data/app/models/scim_engine/authentication_scheme.rb

@@ -0,0 +1,12 @@
+module ScimEngine
+  class AuthenticationScheme
+    include ActiveModel::Model
+    attr_accessor :type, :name, :description
+
+    def self.basic
+      new type: 'httpbasic',
+        name: 'HTTP Basic',
+        description: 'Authentication scheme using the HTTP Basic Standard'
+    end
+  end
+end

data/app/models/scim_engine/bulk.rb

@@ -0,0 +1,5 @@
+module ScimEngine
+  class Bulk < Supportable
+    attr_accessor :maxOperations, :maxPayloadSize
+  end
+end

data/app/models/scim_engine/complex_types/base.rb

@@ -0,0 +1,37 @@
+module ScimEngine
+  module ComplexTypes
+    # This class represents complex types that could be used inside SCIM resources.
+    # Each complex type must inherit from this class. They also need to have their own schema defined.
+    # @example
+    #  module ScimEngine
+    #    module ComplexTypes
+    #      class Email < Base
+    #        set_schema ScimEngine::Schema::Email
+    #
+    #        def as_json(options = {})
+    #          {'type' => 'work', 'primary' => true}.merge(super(options))
+    #        end
+    #      end
+    #    end
+    #  end
+    #
+    class Base
+      include ActiveModel::Model
+      include ScimEngine::Schema::DerivedAttributes
+      include ScimEngine::Errors
+
+      def initialize(options={})
+        super
+        @errors = ActiveModel::Errors.new(self)
+      end
+
+      # Converts the object to its SCIM representation which is always a json representation
+      # @param options [Hash] a hash that could provide default values for some of the attributes of this complex type object
+      #
+      def as_json(options={})
+        options[:except] ||= ['errors']
+        super.except(options)
+      end
+    end
+  end
+end

data/app/models/scim_engine/complex_types/email.rb

@@ -0,0 +1,14 @@
+module ScimEngine
+  module ComplexTypes
+    # Represents the complex email type.
+    # @see ScimEngine::Schema::Email
+    class Email < Base
+      set_schema ScimEngine::Schema::Email
+
+      # Returns the json representation of an email.
+      def as_json(options = {})
+        {'type' => 'work', 'primary' => true}.merge(super(options))
+      end
+    end
+  end
+end

data/app/models/scim_engine/complex_types/name.rb

@@ -0,0 +1,9 @@
+module ScimEngine
+  module ComplexTypes
+    # Represents the complex name type.
+    # @see ScimEngine::Schema::Name
+    class Name < Base
+      set_schema ScimEngine::Schema::Name
+    end
+  end
+end

data/app/models/scim_engine/complex_types/reference.rb

@@ -0,0 +1,9 @@
+module ScimEngine
+  module ComplexTypes
+    # Represents the complex reference type.
+    # @see ScimEngine::Schema::Reference
+    class Reference < Base
+      set_schema ScimEngine::Schema::Reference
+    end
+  end
+end

data/app/models/scim_engine/error_response.rb

@@ -0,0 +1,13 @@
+module ScimEngine
+  class ErrorResponse < StandardError
+    include ActiveModel::Model
+
+    attr_accessor :status, :detail, :scimType
+
+    def as_json(options = {})
+      {'schemas': ['urn:ietf:params:scim:api:messages:2.0:Error'],
+      'detail': detail,
+      'status': "#{status}"}.merge(scimType ? {'scimType': scimType} : {})
+    end
+  end
+end

data/app/models/scim_engine/errors.rb

@@ -0,0 +1,14 @@
+module ScimEngine
+  module Errors
+    def add_errors_from_hash(errors_hash, prefix: nil)
+      errors_hash.each_pair do |key, value|
+        new_key = prefix.nil? ? key : "#{prefix}.#{key}".to_sym
+        if value.is_a?(Array)
+          value.each {|error| errors.add(new_key, error)}
+        else
+          errors.add(new_key, value)
+        end
+      end
+    end
+  end
+end

data/app/models/scim_engine/filter.rb

@@ -0,0 +1,5 @@
+module ScimEngine
+  class Filter < Supportable
+    attr_accessor :maxResults
+  end
+end

data/app/models/scim_engine/meta.rb

@@ -0,0 +1,7 @@
+module ScimEngine
+  class Meta
+    include ActiveModel::Model
+
+    attr_accessor :resourceType, :created, :lastModified, :location, :version
+  end
+end

data/app/models/scim_engine/not_found_error.rb

@@ -0,0 +1,10 @@
+module ScimEngine
+
+  class NotFoundError < ErrorResponse
+
+    def initialize(id)
+      super(status: 404, detail: "Resource #{id} not found")
+    end
+
+  end
+end

data/app/models/scim_engine/resource_invalid_error.rb

@@ -0,0 +1,9 @@
+module ScimEngine
+  class ResourceInvalidError < ErrorResponse
+
+    def initialize(error_message)
+      super(status: 400, scimType: 'invalidValue', detail:"Operation failed since record has become invalid: #{error_message}")
+    end
+
+  end
+end

data/app/models/scim_engine/resource_type.rb

@@ -0,0 +1,29 @@
+module ScimEngine
+  # Provides info about a resource type. Instances of this class are used to provide info through the /ResourceTypes endpoint of a SCIM service provider.
+  class ResourceType
+    include ActiveModel::Model
+    attr_accessor :meta, :endpoint, :schema, :schemas, :id, :name, :schemaExtensions
+
+    def initialize(attributes = {})
+      default_attributes = {
+        meta: Meta.new(
+          'resourceType': 'ResourceType'
+        ),
+        schemas: ['urn:ietf:params:scim:schemas:core:2.0:ResourceType']
+      }
+      super(default_attributes.merge(attributes))
+    end
+
+
+    def as_json(options = {})
+      without_extensions = super(except: 'schemaExtensions')
+      if schemaExtensions.present?
+        extensions = schemaExtensions.map{|extension| {"schema" => extension, "required" => false}}
+        without_extensions.merge('schemaExtensions' => extensions)
+      else
+        without_extensions
+      end
+    end
+
+  end
+end

data/app/models/scim_engine/resources/base.rb

@@ -0,0 +1,139 @@
+module ScimEngine
+  module Resources
+    # The base class for all SCIM resources.
+    class Base
+      include ActiveModel::Model
+      include ScimEngine::Schema::DerivedAttributes
+      include ScimEngine::Errors
+
+      attr_accessor :id, :externalId, :meta
+      attr_reader :errors
+      validate :validate_resource
+
+      def initialize(options = {})
+        flattended_attributes = flatten_extension_attributes(options)
+        attributes = flattended_attributes.with_indifferent_access.slice(*self.class.all_attributes)
+        super(attributes)
+        constantize_complex_types(attributes)
+        @errors = ActiveModel::Errors.new(self)
+      end
+
+      def flatten_extension_attributes(options)
+        flattened = options.dup
+        self.class.extended_schemas.each do |extended_schema|
+          if extension_attrs = flattened.delete(extended_schema.id)
+            flattened.merge!(extension_attrs)
+          end
+        end
+        flattened
+      end
+
+      # Can be used to extend an existing resource type's schema
+      # @example
+      #  module Scim
+      #    module Schema
+      #      class MyExtension < ScimEngine::Schema::Base
+      #
+      #        def initialize(options = {})
+      #          super(name: 'ExtendedGroup',
+      #                id: self.class.id,
+      #                description: 'Represents extra info about a group',
+      #                scim_attributes: self.class.scim_attributes)
+      #        end
+      #
+      #        def self.id
+      #          'urn:ietf:params:scim:schemas:extension:extendedgroup:2.0:Group'
+      #        end
+      #
+      #        def self.scim_attributes
+      #          [ScimEngine::Schema::Attribute.new(name: 'someAddedAttribute',
+      #                         type: 'string',
+      #                         required: true,
+      #                         canonicalValues: ['FOO', 'BAR'])]
+      #        end
+      #      end
+      #    end
+      #  end
+      #
+      #  ScimEngine::Resources::Group.extend_schema Scim::Schema::MyExtention
+      def self.extend_schema(schema)
+        derive_attributes_from_schema(schema)
+        extended_schemas << schema
+      end
+
+      def self.extended_schemas
+        @extended_schemas ||= []
+      end
+
+      def self.schemas
+        ([schema] + extended_schemas).flatten
+      end
+
+      def self.all_attributes
+        scim_attributes = schemas.map(&:scim_attributes).flatten.map(&:name)
+        scim_attributes + [:id, :externalId, :meta]
+      end
+
+      def self.complex_scim_attributes
+        schema.scim_attributes.select(&:complexType).group_by(&:name)
+      end
+
+      def complex_type_from_hash(scim_attribute, attr_value)
+        if attr_value.is_a?(Hash)
+          scim_attribute.complexType.new(attr_value)
+        else
+          attr_value
+        end
+      end
+
+      def constantize_complex_types(hash)
+        hash.with_indifferent_access.each_pair do |attr_name, attr_value|
+          scim_attribute = self.class.complex_scim_attributes[attr_name].try(:first)
+          if scim_attribute && scim_attribute.complexType
+            if scim_attribute.multiValued
+              self.send("#{attr_name}=", attr_value.map {|attr_for_each_item| complex_type_from_hash(scim_attribute, attr_for_each_item)})
+            else
+              self.send("#{attr_name}=", complex_type_from_hash(scim_attribute, attr_value))
+            end
+          end
+        end
+      end
+
+      def as_json(options = {})
+        self.meta = Meta.new unless self.meta
+        meta.resourceType = self.class.resource_type_id
+        original_hash = super(options).except('errors')
+        original_hash.merge!("schemas" => self.class.schemas.map(&:id))
+        self.class.extended_schemas.each do |extension_schema|
+          extension_attributes = extension_schema.scim_attributes.map(&:name)
+          original_hash.merge!(extension_schema.id => original_hash.extract!(*extension_attributes))
+        end
+        original_hash
+      end
+
+      def self.resource_type_id
+        name.demodulize
+      end
+
+      def self.resource_type(location)
+        resource_type = ResourceType.new(
+          endpoint: endpoint,
+          schema: schema.id,
+          id: resource_type_id,
+          name: resource_type_id,
+          schemaExtensions: extended_schemas.map(&:id)
+        )
+
+        resource_type.meta.location = location
+        resource_type
+      end
+
+      def validate_resource
+        self.class.schema.valid?(self)
+        self.class.extended_schemas.each do |extended_schema|
+          extended_schema.valid?(self)
+        end
+      end
+    end
+  end
+end