scim_rails 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 86825e382a5c558d2802904c2adc98b7f7b5fb1c
-  data.tar.gz: 66d58b555f21eefd7f0c829feef30caf08446534
+  metadata.gz: 852439c711dfe1b37da47988060c40324985ff23
+  data.tar.gz: ef61b7184ed183976e3c48833ba8b330e0ef773e
 SHA512:
-  metadata.gz: '077238f948c1c027b5e98ea30b465e90d576b4ff3b07e3b150046d5acc9376fdcc8a7725329fe82dc8b57d9beae9285a231207afa1b56c488964e501485012b3'
-  data.tar.gz: eb0b98dbad28e4a22bc5ed48859c8a546263d91a43757d717c3284382ade77f11c45f6f0e51f33eea41e2ee6e38482637893728df586bc2100b36072c45f20c0
+  metadata.gz: b056aceb8507e3587bc33dcc6387f0cf0ec2f29bbfce0d00102056676285fd1dad15a1387e3b2d2041a918ec1b9fbf7e0a150b614757ade503196558e6ff6f93
+  data.tar.gz: 1d2340490c77f232f87e05f7775d1c482333aba9974a74efc599e55a8819f3b8df439249300c5d1c6c3adc3ef23d6426048c7779d21f6a90b5abfe1b91666c15

data/README.md

@@ -4,7 +4,7 @@ NOTE: This Gem is not yet fully SCIM complaint. It was developed with the main f
 
 #### What is SCIM?
 
-SCIM stands for System for Cross-domain Identity Management. At its core, it is a set of rules defining how apps should interact for the purpose of creating, updating, and deprovisioning users. SCIM requests and responses can be sent in XML or JSON and this Gem uses JSON for ease of readabilty. 
+SCIM stands for System for Cross-domain Identity Management. At its core, it is a set of rules defining how apps should interact for the purpose of creating, updating, and deprovisioning users. SCIM requests and responses can be sent in XML or JSON and this Gem uses JSON for ease of readability. 
 
 To learn more about SCIM 2.0 you can read the documentation at [RFC 7643](https://tools.ietf.org/html/rfc7643) and [RFC 7644](https://tools.ietf.org/html/rfc7644).
 
@@ -92,7 +92,7 @@ $ curl -X GET 'http://username:password@localhost:3000/scim/v2/Users'
 
 This Gem provides two pagination filters; `startIndex` and `count`.
 
-`startIndex` is the positional number you would like to start at. This parameter can accept any integer but anything less than 1 will be interpreted as 1. If you visualize an array with all your user records in the array, `startIndex` is basically what element you would like to start at. If you are familiar with SQL this parameter is directly correlated to the query offset. **The default value for this fitler is 1.**
+`startIndex` is the positional number you would like to start at. This parameter can accept any integer but anything less than 1 will be interpreted as 1. If you visualize an array with all your user records in the array, `startIndex` is basically what element you would like to start at. If you are familiar with SQL this parameter is directly correlated to the query offset. **The default value for this filter is 1.**
 
 `count` is the number of records you would like present in the response. **The default value for this filter is 100.**
 
@@ -108,7 +108,7 @@ The pagination filters may be used on their own or in addition to the query filt
 
 ##### Querying
 
-Currently the only filter supported is a single level `eq`. More operators can be added failry easily in future releases. The SCIM RFC documents nested querying which is something we would like to implement in the future.
+Currently the only filter supported is a single level `eq`. More operators can be added fairly easily in future releases. The SCIM RFC documents nested querying which is something we would like to implement in the future.
 
 **Queryable attributes can be mapped in the configuration file.**
 
@@ -121,7 +121,7 @@ filter=formattedName eq Test User
 filter=id eq 1
 ```
 
-Unsuppored filter:
+Unsupported filter:
 
 ```
 filter=(email eq test@example.com) or (userName eq test@example.com)
@@ -183,16 +183,16 @@ Sample request:
 $ curl -X PUT 'http://username:password@localhost:3000/scim/v2/Users/1' -d '{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],"userName":"test@example.com","name":{"givenName":"Test","familyName":"User"},"emails":[{"primary":true,"value":"test@example.com","type":"work"}],"displayName":"Test User","active":true}' -H 'Content-Type: application/scim+json'
 ```
 
-### Deprovision
+### Deprovision / Reprovision
 
-The PATCH request was implemented to work with Okta. Okta updates profiles with PUT and deprovisions with PATCH. This implemention of PATCH is not SCIM compliant as it does not update a single attribute on the user profile but instead only sends a deprovision request.
+The PATCH request was implemented to work with Okta. Okta updates profiles with PUT and deprovisions / reprovisions with PATCH. This implementation of PATCH is not SCIM compliant as it does not update a single attribute on the user profile but instead only sends a status update request to the record.
 
 We would like to implement PATCH to be fully SCIM compliant in future releases.
 
 Sample request:
 
 ```bash
-$ curl -X PATCH 'http://username:password@localhost:3000/scim/v2/Users/1'
+$ curl -X PATCH 'http://username:password@localhost:3000/scim/v2/Users/1' -d '{"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"], "Operations": [{"op": "replace", "value": { "active": false }}]}' -H 'Content-Type: application/scim+json'
 ```
 
 ## Contributing

data/app/controllers/concerns/scim_rails/exception_handler.rb

@@ -8,6 +8,9 @@ module ScimRails
     class InvalidQuery < StandardError
     end
 
+    class UnsupportedPatchRequest < StandardError
+    end
+
     included do
       rescue_from ScimRails::ExceptionHandler::InvalidCredentials do
         json_response(
@@ -32,6 +35,17 @@ module ScimRails
         )
       end
 
+      rescue_from ScimRails::ExceptionHandler::UnsupportedPatchRequest do
+        json_response(
+          {
+            schemas: ["urn:ietf:params:scim:api:messages:2.0:Error"],
+            detail: "Invalid PATCH request. This PATCH endpoint only supports deprovisioning and reprovisioning records.",
+            status: "422"
+          },
+          :unprocessable_entity
+        )
+      end
+
       rescue_from ActiveRecord::RecordNotFound do |e|
         json_response(
           {

data/app/controllers/scim_rails/scim_users_controller.rb

@@ -28,7 +28,7 @@ module ScimRails
 
     def create
       user = @company.public_send(ScimRails.config.scim_users_scope).create!(permitted_user_params)
-      update_status(user) unless params[:active].nil?
+      update_status(user) unless put_active_param.nil?
       json_scim_response(object: user, status: :created)
     end
 
@@ -39,16 +39,15 @@ module ScimRails
 
     def put_update
       user = @company.public_send(ScimRails.config.scim_users_scope).find(params[:id])
-      update_status(user) unless params[:active].nil?
+      update_status(user) unless put_active_param.nil?
       user.update!(permitted_user_params)
       json_scim_response(object: user)
     end
 
-    # TODO: PATCH will only deprovision users regardless of params.
+    # TODO: PATCH will only deprovision or reprovision users.
     # This will work just fine for Okta but is not SCIM compliant.
     def patch_update
       user = @company.public_send(ScimRails.config.scim_users_scope).find(params[:id])
-      params[:active] = false
       update_status(user)
       json_scim_response(object: user)
     end
@@ -99,7 +98,8 @@ module ScimRails
     end
 
     def active?
-      case params[:active]
+      active = put_active_param || patch_active_param
+      case active
       when true, "true", 1
         true
       when false, "false", 0
@@ -108,5 +108,15 @@ module ScimRails
         raise ActiveRecord::RecordInvalid
       end
     end
+
+    def put_active_param
+      params[:active]
+    end
+
+    def patch_active_param
+      active = params.dig("Operations", 0, "value", "active")
+      raise ScimRails::ExceptionHandler::UnsupportedPatchRequest if active.nil?
+      active
+    end
   end
 end

data/lib/scim_rails/version.rb

@@ -1,3 +1,3 @@
 module ScimRails
-  VERSION = '0.1.0'
+  VERSION = '0.1.1'
 end

data/spec/controllers/scim_rails/scim_users_controller_spec.rb

@@ -457,13 +457,13 @@ RSpec.describe ScimRails::ScimUsersController, type: :controller do
 
     context "when unauthorized" do
       it "returns scim+json content type" do
-        patch :patch_update, params: { id: 1 }
+        patch :patch_update, params: patch_params(id: 1)
   
         expect(response.content_type).to eq "application/scim+json, application/json"
       end
 
       it "fails with no credentials" do
-        patch :patch_update, params: { id: 1 }
+        patch :patch_update, params: patch_params(id: 1)
 
         expect(response.status).to eq 401
       end
@@ -471,7 +471,7 @@ RSpec.describe ScimRails::ScimUsersController, type: :controller do
       it "fails with invalid credentials" do
         request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials("unauthorized","123456")
 
-        patch :patch_update, params: { id: 1 }
+        patch :patch_update, params: patch_params(id: 1)
 
         expect(response.status).to eq 401
       end
@@ -485,19 +485,19 @@ RSpec.describe ScimRails::ScimUsersController, type: :controller do
       end
 
       it "returns scim+json content type" do
-        patch :patch_update, params: { id: 1 }
+        patch :patch_update, params: patch_params(id: 1)
   
         expect(response.content_type).to eq "application/scim+json, application/json"
       end
 
       it "is successful with valid credentials" do
-        patch :patch_update, params: { id: 1 }
+        patch :patch_update, params: patch_params(id: 1)
 
         expect(response.status).to eq 200
       end
 
       it "returns :not_found for id that cannot be found" do
-        get :patch_update, params: { id: "fake_id" }
+        get :patch_update, params: patch_params(id: "fake_id")
 
         expect(response.status).to eq 404
       end
@@ -506,7 +506,7 @@ RSpec.describe ScimRails::ScimUsersController, type: :controller do
         new_company = create(:company)
         create(:user, company: new_company, id: 1000)
 
-        get :patch_update, params: { id: 1000 }
+        get :patch_update, params: patch_params(id: 1000)
 
         expect(response.status).to eq 404
       end
@@ -516,13 +516,60 @@ RSpec.describe ScimRails::ScimUsersController, type: :controller do
         user = company.users.first
         expect(user.archived?).to eq false
 
-        patch :patch_update, params: { id: 1 }
+        patch :patch_update, params: patch_params(id: 1)
 
         expect(response.status).to eq 200
         expect(company.users.count).to eq 1
         user.reload
         expect(user.archived?).to eq true
       end
+
+      it "sucessfully restores user" do
+        expect(company.users.count).to eq 1
+        user = company.users.first.tap(&:archive!)
+        expect(user.archived?).to eq true
+
+        patch :patch_update, params: patch_params(id: 1,  active: true)
+
+        expect(response.status).to eq 200
+        expect(company.users.count).to eq 1
+        user.reload
+        expect(user.archived?).to eq false
+      end
+
+      it "throws an error for non status updates" do
+        patch :patch_update, params: {
+          id: 1,
+          Operations: [
+            {
+              op: "replace",
+              value: {
+                name: {
+                  givenName: "Francis"
+                }
+              }
+            }
+          ]
+        }
+
+        expect(response.status).to eq 422
+        response_body = JSON.parse(response.body)
+        expect(response_body.dig("schemas", 0)).to eq "urn:ietf:params:scim:api:messages:2.0:Error"
+      end
     end
   end
+
+  def patch_params(id:, active: false)
+    {
+      id: id,
+      Operations: [
+        {
+          op: "replace",
+          value: {
+            active: active
+          }
+        }
+      ]
+    }
+  end
 end