RubyGems - scimaenaga - Versions diffs - 0.4.1 - Mend

scimaenaga 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (99) hide show

checksums.yaml +7 -0
data/MIT-LICENSE +20 -0
data/README.md +314 -0
data/Rakefile +34 -0
data/app/controllers/concerns/scim_rails/exception_handler.rb +119 -0
data/app/controllers/concerns/scim_rails/response.rb +94 -0
data/app/controllers/scim_rails/application_controller.rb +72 -0
data/app/controllers/scim_rails/scim_groups_controller.rb +96 -0
data/app/controllers/scim_rails/scim_users_controller.rb +124 -0
data/app/helpers/scim_rails/application_helper.rb +4 -0
data/app/models/scim_rails/application_record.rb +5 -0
data/app/models/scim_rails/authorize_api_request.rb +40 -0
data/app/models/scim_rails/scim_count.rb +38 -0
data/app/models/scim_rails/scim_query_parser.rb +47 -0
data/config/initializers/mime_types.rb +5 -0
data/config/routes.rb +12 -0
data/lib/generators/scim_rails/USAGE +8 -0
data/lib/generators/scim_rails/scim_rails_generator.rb +7 -0
data/lib/generators/scim_rails/templates/initializer.rb +166 -0
data/lib/scim_rails/config.rb +85 -0
data/lib/scim_rails/encoder.rb +25 -0
data/lib/scim_rails/engine.rb +12 -0
data/lib/scim_rails/version.rb +5 -0
data/lib/scim_rails.rb +6 -0
data/lib/tasks/scim_rails_tasks.rake +4 -0
data/spec/controllers/scim_rails/scim_groups_controller_spec.rb +494 -0
data/spec/controllers/scim_rails/scim_groups_request_spec.rb +68 -0
data/spec/controllers/scim_rails/scim_users_controller_spec.rb +681 -0
data/spec/controllers/scim_rails/scim_users_request_spec.rb +77 -0
data/spec/dummy/Rakefile +6 -0
data/spec/dummy/app/assets/config/manifest.js +5 -0
data/spec/dummy/app/assets/javascripts/application.js +13 -0
data/spec/dummy/app/assets/javascripts/cable.js +13 -0
data/spec/dummy/app/assets/stylesheets/application.css +15 -0
data/spec/dummy/app/channels/application_cable/channel.rb +4 -0
data/spec/dummy/app/channels/application_cable/connection.rb +4 -0
data/spec/dummy/app/controllers/application_controller.rb +3 -0
data/spec/dummy/app/helpers/application_helper.rb +2 -0
data/spec/dummy/app/jobs/application_job.rb +2 -0
data/spec/dummy/app/mailers/application_mailer.rb +4 -0
data/spec/dummy/app/models/application_record.rb +3 -0
data/spec/dummy/app/models/company.rb +4 -0
data/spec/dummy/app/models/group.rb +15 -0
data/spec/dummy/app/models/group_user.rb +6 -0
data/spec/dummy/app/models/user.rb +39 -0
data/spec/dummy/app/views/layouts/application.html.erb +14 -0
data/spec/dummy/app/views/layouts/mailer.html.erb +13 -0
data/spec/dummy/app/views/layouts/mailer.text.erb +1 -0
data/spec/dummy/bin/bundle +3 -0
data/spec/dummy/bin/rails +4 -0
data/spec/dummy/bin/rake +4 -0
data/spec/dummy/bin/setup +34 -0
data/spec/dummy/bin/update +29 -0
data/spec/dummy/config/application.rb +15 -0
data/spec/dummy/config/boot.rb +5 -0
data/spec/dummy/config/cable.yml +9 -0
data/spec/dummy/config/database.yml +25 -0
data/spec/dummy/config/environment.rb +5 -0
data/spec/dummy/config/environments/development.rb +54 -0
data/spec/dummy/config/environments/production.rb +86 -0
data/spec/dummy/config/environments/test.rb +42 -0
data/spec/dummy/config/initializers/application_controller_renderer.rb +6 -0
data/spec/dummy/config/initializers/assets.rb +11 -0
data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
data/spec/dummy/config/initializers/cookies_serializer.rb +5 -0
data/spec/dummy/config/initializers/filter_parameter_logging.rb +4 -0
data/spec/dummy/config/initializers/inflections.rb +16 -0
data/spec/dummy/config/initializers/mime_types.rb +4 -0
data/spec/dummy/config/initializers/new_framework_defaults.rb +24 -0
data/spec/dummy/config/initializers/scim_rails_config.rb +85 -0
data/spec/dummy/config/initializers/session_store.rb +3 -0
data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
data/spec/dummy/config/locales/en.yml +23 -0
data/spec/dummy/config/puma.rb +47 -0
data/spec/dummy/config/routes.rb +3 -0
data/spec/dummy/config/secrets.yml +22 -0
data/spec/dummy/config/spring.rb +6 -0
data/spec/dummy/config.ru +5 -0
data/spec/dummy/db/migrate/20181206184304_create_users.rb +15 -0
data/spec/dummy/db/migrate/20181206184313_create_companies.rb +11 -0
data/spec/dummy/db/migrate/20210423075859_create_groups.rb +10 -0
data/spec/dummy/db/migrate/20210423075950_create_group_users.rb +10 -0
data/spec/dummy/db/schema.rb +53 -0
data/spec/dummy/db/seeds.rb +14 -0
data/spec/dummy/public/404.html +67 -0
data/spec/dummy/public/422.html +67 -0
data/spec/dummy/public/500.html +66 -0
data/spec/dummy/public/apple-touch-icon-precomposed.png +0 -0
data/spec/dummy/public/apple-touch-icon.png +0 -0
data/spec/dummy/public/favicon.ico +0 -0
data/spec/factories/company.rb +10 -0
data/spec/factories/group.rb +11 -0
data/spec/factories/user.rb +9 -0
data/spec/lib/scim_rails/encoder_spec.rb +62 -0
data/spec/spec_helper.rb +17 -0
data/spec/support/auth_helper.rb +7 -0
data/spec/support/factory_bot.rb +3 -0
data/spec/support/scim_rails_config.rb +59 -0
metadata +339 -0

data/spec/controllers/scim_rails/scim_users_controller_spec.rb ADDED Viewed

@@ -0,0 +1,681 @@
+# frozen_string_literal: true
+require "spec_helper"
+RSpec.describe ScimRails::ScimUsersController, type: :controller do
+  include AuthHelper
+  routes { ScimRails::Engine.routes }
+  describe "index" do
+    let(:company) { create(:company) }
+    context "when unauthorized" do
+      it "returns scim+json content type" do
+        get :index, as: :json
+        expect(response.media_type).to eq "application/scim+json"
+      end
+      it "fails with no credentials" do
+        get :index, as: :json
+        expect(response.status).to eq 401
+      end
+      it "fails with invalid credentials" do
+        request.env["HTTP_AUTHORIZATION"] =
+          ActionController::HttpAuthentication::Basic
+          .encode_credentials("unauthorized", "123456")
+        get :index, as: :json
+        expect(response.status).to eq 401
+      end
+    end
+    context "when when authorized" do
+      before :each do
+        http_login(company)
+      end
+      it "returns scim+json content type" do
+        get :index, as: :json
+        expect(response.media_type).to eq "application/scim+json"
+      end
+      it "is successful with valid credentials" do
+        get :index, as: :json
+        expect(response.status).to eq 200
+      end
+      it "returns all results" do
+        create_list(:user, 10, company: company)
+        get :index, as: :json
+        response_body = JSON.parse(response.body)
+        expect(response_body.dig("schemas", 0)).to eq "urn:ietf:params:scim:api:messages:2.0:ListResponse"
+        expect(response_body["totalResults"]).to eq 10
+      end
+      it "defaults to 100 results" do
+        create_list(:user, 300, company: company)
+        get :index, as: :json
+        response_body = JSON.parse(response.body)
+        expect(response_body["totalResults"]).to eq 300
+        expect(response_body["Resources"].count).to eq 100
+      end
+      it "paginates results" do
+        create_list(:user, 400, company: company)
+        expect(company.users.first.id).to eq 1
+        get :index, params: {
+          startIndex: 101,
+          count: 200
+        }, as: :json
+        response_body = JSON.parse(response.body)
+        expect(response_body["totalResults"]).to eq 400
+        expect(response_body["Resources"].count).to eq 200
+        expect(response_body.dig("Resources", 0, "id")).to eq 101
+      end
+      it "paginates results by configurable scim_users_list_order" do
+        allow(ScimRails.config).to receive(:scim_users_list_order).and_return({ created_at: :desc })
+        create_list(:user, 400, company: company)
+        expect(company.users.first.id).to eq 1
+        get :index, params: {
+          startIndex: 1,
+          count: 10
+        }, as: :json
+        response_body = JSON.parse(response.body)
+        expect(response_body["totalResults"]).to eq 400
+        expect(response_body["Resources"].count).to eq 10
+        expect(response_body.dig("Resources", 0, "id")).to eq 400
+      end
+      it "filters results by provided email filter" do
+        create(:user, email: "test1@example.com", company: company)
+        create(:user, email: "test2@example.com", company: company)
+        get :index, params: {
+          filter: "email eq test1@example.com"
+        }, as: :json
+        response_body = JSON.parse(response.body)
+        expect(response_body["totalResults"]).to eq 1
+        expect(response_body["Resources"].count).to eq 1
+      end
+      it "filters results by provided name filter" do
+        create(:user, first_name: "Chidi", last_name: "Anagonye", company: company)
+        create(:user, first_name: "Eleanor", last_name: "Shellstrop", company: company)
+        get :index, params: {
+          filter: "familyName eq Shellstrop"
+        }, as: :json
+        response_body = JSON.parse(response.body)
+        expect(response_body["totalResults"]).to eq 1
+        expect(response_body["Resources"].count).to eq 1
+      end
+      it "returns no results for unfound filter parameters" do
+        get :index, params: {
+          filter: "familyName eq fake_not_there"
+        }, as: :json
+        response_body = JSON.parse(response.body)
+        expect(response_body["totalResults"]).to eq 0
+        expect(response_body["Resources"].count).to eq 0
+      end
+      it "returns no results for undefined filter queries" do
+        get :index, params: {
+          filter: "address eq 101 Nowhere USA"
+        }, as: :json
+        expect(response.status).to eq 400
+        response_body = JSON.parse(response.body)
+        expect(response_body.dig("schemas", 0)).to eq "urn:ietf:params:scim:api:messages:2.0:Error"
+      end
+    end
+  end
+  describe "show" do
+    let(:company) { create(:company) }
+    context "when unauthorized" do
+      it "returns scim+json content type" do
+        get :show, params: { id: 1 }, as: :json
+        expect(response.media_type).to eq "application/scim+json"
+      end
+      it "fails with no credentials" do
+        get :show, params: { id: 1 }, as: :json
+        expect(response.status).to eq 401
+      end
+      it "fails with invalid credentials" do
+        request.env["HTTP_AUTHORIZATION"] =
+          ActionController::HttpAuthentication::Basic
+          .encode_credentials("unauthorized", "123456")
+        get :show, params: { id: 1 }, as: :json
+        expect(response.status).to eq 401
+      end
+    end
+    context "when authorized" do
+      before :each do
+        http_login(company)
+      end
+      it "returns scim+json content type" do
+        get :show, params: { id: 1 }, as: :json
+        expect(response.media_type).to eq "application/scim+json"
+      end
+      it "is successful with valid credentials" do
+        create(:user, id: 1, company: company)
+        get :show, params: { id: 1 }, as: :json
+        expect(response.status).to eq 200
+      end
+      it "returns :not_found for id that cannot be found" do
+        get :show, params: { id: "fake_id" }, as: :json
+        expect(response.status).to eq 404
+      end
+      it "returns :not_found for a correct id but unauthorized company" do
+        new_company = create(:company)
+        create(:user, company: new_company, id: 1)
+        get :show, params: { id: 1 }, as: :json
+        expect(response.status).to eq 404
+      end
+    end
+  end
+  describe "create" do
+    let(:company) { create(:company) }
+    context "when unauthorized" do
+      it "returns scim+json content type" do
+        post :create, as: :json
+        expect(response.media_type).to eq "application/scim+json"
+      end
+      it "fails with no credentials" do
+        post :create, as: :json
+        expect(response.status).to eq 401
+      end
+      it "fails with invalid credentials" do
+        request.env["HTTP_AUTHORIZATION"] =
+          ActionController::HttpAuthentication::Basic
+          .encode_credentials("unauthorized", "123456")
+        post :create, as: :json
+        expect(response.status).to eq 401
+      end
+    end
+    context "when authorized" do
+      before :each do
+        http_login(company)
+      end
+      it "returns scim+json content type" do
+        post :create, params: {
+          name: {
+            givenName: "New",
+            familyName: "User"
+          },
+          emails: [
+            {
+              value: "new@example.com"
+            }
+          ]
+        }, as: :json
+        expect(response.media_type).to eq "application/scim+json"
+      end
+      it "is successful with valid credentials" do
+        expect(company.users.count).to eq 0
+        post :create, params: {
+          name: {
+            givenName: "New",
+            familyName: "User"
+          },
+          emails: [
+            {
+              value: "new@example.com"
+            }
+          ]
+        }, as: :json
+        expect(response.status).to eq 201
+        expect(company.users.count).to eq 1
+        user = company.users.first
+        expect(user.persisted?).to eq true
+        expect(user.first_name).to eq "New"
+        expect(user.last_name).to eq "User"
+        expect(user.email).to eq "new@example.com"
+      end
+      it "ignores unconfigured params" do
+        post :create, params: {
+          name: {
+            formattedName: "New User",
+            givenName: "New",
+            familyName: "User"
+          },
+          emails: [
+            {
+              value: "new@example.com"
+            }
+          ]
+        }, as: :json
+        expect(response.status).to eq 201
+        expect(company.users.count).to eq 1
+      end
+      it "returns 422 if required params are missing" do
+        post :create, params: {
+          name: {
+            familyName: "User"
+          },
+          emails: [
+            {
+              value: "new@example.com"
+            }
+          ]
+        }, as: :json
+        expect(response.status).to eq 422
+        expect(company.users.count).to eq 0
+      end
+      it "returns 201 if user already exists and updates user" do
+        create(:user, email: "new@example.com", company: company)
+        post :create, params: {
+          name: {
+            givenName: "Not New",
+            familyName: "User"
+          },
+          emails: [
+            {
+              value: "new@example.com"
+            }
+          ]
+        }, as: :json
+        expect(response.status).to eq 201
+        expect(company.users.count).to eq 1
+        expect(company.users.first.first_name).to eq "Not New"
+      end
+      it "returns 409 if user already exists and config.scim_user_prevent_update_on_create is set to true" do
+        allow(ScimRails.config).to receive(:scim_user_prevent_update_on_create).and_return(true)
+        create(:user, email: "new@example.com", company: company)
+        post :create, params: {
+          name: {
+            givenName: "Not New",
+            familyName: "User"
+          },
+          emails: [
+            {
+              value: "new@example.com"
+            }
+          ]
+        }, as: :json
+        expect(response.status).to eq 409
+        expect(company.users.count).to eq 1
+      end
+      it "creates and archives inactive user" do
+        post :create, params: {
+          id: 1,
+          userName: "test@example.com",
+          name: {
+            givenName: "Test",
+            familyName: "User"
+          },
+          emails: [
+            {
+              value: "test@example.com"
+            }
+          ],
+          active: "false"
+        }, as: :json
+        expect(response.status).to eq 201
+        expect(company.users.count).to eq 1
+        user = company.users.first
+        expect(user.archived?).to eq true
+      end
+    end
+  end
+  describe "put update" do
+    let(:company) { create(:company) }
+    context "when unauthorized" do
+      it "returns scim+json content type" do
+        put :put_update, params: { id: 1 }, as: :json
+        expect(response.media_type).to eq "application/scim+json"
+      end
+      it "fails with no credentials" do
+        put :put_update, params: { id: 1 }, as: :json
+        expect(response.status).to eq 401
+      end
+      it "fails with invalid credentials" do
+        request.env["HTTP_AUTHORIZATION"] =
+          ActionController::HttpAuthentication::Basic
+          .encode_credentials("unauthorized", "123456")
+        put :put_update, params: { id: 1 }, as: :json
+        expect(response.status).to eq 401
+      end
+    end
+    context "when authorized" do
+      let!(:user) { create(:user, id: 1, company: company) }
+      before :each do
+        http_login(company)
+      end
+      it "returns scim+json content type" do
+        put :put_update, params: put_params, as: :json
+        expect(response.media_type).to eq "application/scim+json"
+      end
+      it "is successful with with valid credentials" do
+        put :put_update, params: put_params, as: :json
+        expect(response.status).to eq 200
+      end
+      it "deprovisions an active record" do
+        request.content_type = "application/scim+json"
+        put :put_update, params: put_params(active: false), as: :json
+        expect(response.status).to eq 200
+        expect(user.reload.active?).to eq false
+      end
+      it "reprovisions an inactive record" do
+        user.archive!
+        expect(user.reload.active?).to eq false
+        request.content_type = "application/scim+json"
+        put :put_update, params: put_params(active: true), as: :json
+        expect(response.status).to eq 200
+        expect(user.reload.active?).to eq true
+      end
+      it "returns :not_found for id that cannot be found" do
+        put :put_update, params: { id: "fake_id" }, as: :json
+        expect(response.status).to eq 404
+      end
+      it "returns :not_found for a correct id but unauthorized company" do
+        new_company = create(:company)
+        create(:user, company: new_company, id: 1000)
+        put :put_update, params: { id: 1000 }, as: :json
+        expect(response.status).to eq 404
+      end
+      it "is returns 422 with incomplete request" do
+        put :put_update, params: {
+          id: 1,
+          userName: "test@example.com",
+          emails: [
+            {
+              value: "test@example.com"
+            }
+          ],
+          active: "true"
+        }, as: :json
+        expect(response.status).to eq 422
+      end
+    end
+  end
+  describe "patch update" do
+    let(:company) { create(:company) }
+    context "when unauthorized" do
+      it "returns scim+json content type" do
+        patch :patch_update, params: patch_params(id: 1), as: :json
+        expect(response.media_type).to eq "application/scim+json"
+      end
+      it "fails with no credentials" do
+        patch :patch_update, params: patch_params(id: 1), as: :json
+        expect(response.status).to eq 401
+      end
+      it "fails with invalid credentials" do
+        request.env["HTTP_AUTHORIZATION"] =
+          ActionController::HttpAuthentication::Basic
+          .encode_credentials("unauthorized", "123456")
+        patch :patch_update, params: patch_params(id: 1), as: :json
+        expect(response.status).to eq 401
+      end
+    end
+    context "when authorized" do
+      let!(:user) { create(:user, id: 1, company: company) }
+      before :each do
+        http_login(company)
+      end
+      it "returns scim+json content type" do
+        patch :patch_update, params: patch_params(id: 1), as: :json
+        expect(response.media_type).to eq "application/scim+json"
+      end
+      it "is successful with valid credentials" do
+        patch :patch_update, params: patch_params(id: 1), as: :json
+        expect(response.status).to eq 200
+      end
+      it "returns :not_found for id that cannot be found" do
+        get :patch_update, params: patch_params(id: "fake_id"), as: :json
+        expect(response.status).to eq 404
+      end
+      it "returns :not_found for a correct id but unauthorized company" do
+        new_company = create(:company)
+        create(:user, company: new_company, id: 1000)
+        get :patch_update, params: patch_params(id: 1000), as: :json
+        expect(response.status).to eq 404
+      end
+      it "successfully archives user" do
+        expect(company.users.count).to eq 1
+        user = company.users.first
+        expect(user.archived?).to eq false
+        patch :patch_update, params: patch_params(id: 1), as: :json
+        expect(response.status).to eq 200
+        expect(company.users.count).to eq 1
+        user.reload
+        expect(user.archived?).to eq true
+      end
+      it "successfully restores user" do
+        expect(company.users.count).to eq 1
+        user = company.users.first.tap(&:archive!)
+        expect(user.archived?).to eq true
+        patch \
+          :patch_update,
+          params: patch_params(id: 1, active: true),
+          as: :json
+        expect(response.status).to eq 200
+        expect(company.users.count).to eq 1
+        user.reload
+        expect(user.archived?).to eq false
+      end
+      it "is case insensetive for op value" do
+        # Note, this is for backward compatibility. op should always
+        # be lower case and support for case insensitivity will be removed
+        patch :patch_update, params: {
+          id: 1,
+          Operations: [
+            {
+              op: "Replace",
+              value: {
+                active: false
+              }
+            }
+          ]
+        }, as: :json
+        expect(response.status).to eq 200
+      end
+      it "throws an error for non status updates" do
+        patch :patch_update, params: {
+          id: 1,
+          Operations: [
+            {
+              op: "replace",
+              value: {
+                name: {
+                  givenName: "Francis"
+                }
+              }
+            }
+          ]
+        }, as: :json
+        expect(response.status).to eq 422
+        response_body = JSON.parse(response.body)
+        expect(response_body.dig("schemas", 0)).to eq "urn:ietf:params:scim:api:messages:2.0:Error"
+      end
+      it "returns 422 when value is not an object" do
+        patch :patch_update, params: {
+          id: 1,
+          Operations: [
+            {
+              op: "replace",
+              path: "displayName",
+              value: "Francis"
+            }
+          ]
+        }
+        expect(response.status).to eq 422
+        response_body = JSON.parse(response.body)
+        expect(response_body.dig("schemas", 0)).to eq "urn:ietf:params:scim:api:messages:2.0:Error"
+      end
+      it "returns 422 when value is missing" do
+        patch :patch_update, params: {
+          id: 1,
+          Operations: [
+            {
+              op: "replace"
+            }
+          ]
+        }, as: :json
+        expect(response.status).to eq 422
+        response_body = JSON.parse(response.body)
+        expect(response_body.dig("schemas", 0)).to eq "urn:ietf:params:scim:api:messages:2.0:Error"
+      end
+      it "returns 422 operations key is missing" do
+        patch :patch_update, params: {
+          id: 1,
+          Foobars: [
+            {
+              op: "replace"
+            }
+          ]
+        }, as: :json
+        expect(response.status).to eq 422
+        response_body = JSON.parse(response.body)
+        expect(response_body.dig("schemas", 0)).to eq "urn:ietf:params:scim:api:messages:2.0:Error"
+      end
+    end
+  end
+  def patch_params(id:, active: false)
+    {
+      id: id,
+      Operations: [
+        {
+          op: "replace",
+          value: {
+            active: active
+          }
+        }
+      ]
+    }
+  end
+  def put_params(active: true)
+    {
+      id: 1,
+      userName: "test@example.com",
+      name: {
+        givenName: "Test",
+        familyName: "User"
+      },
+      emails: [
+        {
+          value: "test@example.com"
+        }
+      ],
+      active: active
+    }
+  end
+end