RubyGems - scimaenaga - Versions diffs - 0.4.1 - Mend

scimaenaga 0.4.1

Files changed (99) hide show

checksums.yaml +7 -0
data/MIT-LICENSE +20 -0
data/README.md +314 -0
data/Rakefile +34 -0
data/app/controllers/concerns/scim_rails/exception_handler.rb +119 -0
data/app/controllers/concerns/scim_rails/response.rb +94 -0
data/app/controllers/scim_rails/application_controller.rb +72 -0
data/app/controllers/scim_rails/scim_groups_controller.rb +96 -0
data/app/controllers/scim_rails/scim_users_controller.rb +124 -0
data/app/helpers/scim_rails/application_helper.rb +4 -0
data/app/models/scim_rails/application_record.rb +5 -0
data/app/models/scim_rails/authorize_api_request.rb +40 -0
data/app/models/scim_rails/scim_count.rb +38 -0
data/app/models/scim_rails/scim_query_parser.rb +47 -0
data/config/initializers/mime_types.rb +5 -0
data/config/routes.rb +12 -0
data/lib/generators/scim_rails/USAGE +8 -0
data/lib/generators/scim_rails/scim_rails_generator.rb +7 -0
data/lib/generators/scim_rails/templates/initializer.rb +166 -0
data/lib/scim_rails/config.rb +85 -0
data/lib/scim_rails/encoder.rb +25 -0
data/lib/scim_rails/engine.rb +12 -0
data/lib/scim_rails/version.rb +5 -0
data/lib/scim_rails.rb +6 -0
data/lib/tasks/scim_rails_tasks.rake +4 -0
data/spec/controllers/scim_rails/scim_groups_controller_spec.rb +494 -0
data/spec/controllers/scim_rails/scim_groups_request_spec.rb +68 -0
data/spec/controllers/scim_rails/scim_users_controller_spec.rb +681 -0
data/spec/controllers/scim_rails/scim_users_request_spec.rb +77 -0
data/spec/dummy/Rakefile +6 -0
data/spec/dummy/app/assets/config/manifest.js +5 -0
data/spec/dummy/app/assets/javascripts/application.js +13 -0
data/spec/dummy/app/assets/javascripts/cable.js +13 -0
data/spec/dummy/app/assets/stylesheets/application.css +15 -0
data/spec/dummy/app/channels/application_cable/channel.rb +4 -0
data/spec/dummy/app/channels/application_cable/connection.rb +4 -0
data/spec/dummy/app/controllers/application_controller.rb +3 -0
data/spec/dummy/app/helpers/application_helper.rb +2 -0
data/spec/dummy/app/jobs/application_job.rb +2 -0
data/spec/dummy/app/mailers/application_mailer.rb +4 -0
data/spec/dummy/app/models/application_record.rb +3 -0
data/spec/dummy/app/models/company.rb +4 -0
data/spec/dummy/app/models/group.rb +15 -0
data/spec/dummy/app/models/group_user.rb +6 -0
data/spec/dummy/app/models/user.rb +39 -0
data/spec/dummy/app/views/layouts/application.html.erb +14 -0
data/spec/dummy/app/views/layouts/mailer.html.erb +13 -0
data/spec/dummy/app/views/layouts/mailer.text.erb +1 -0
data/spec/dummy/bin/bundle +3 -0
data/spec/dummy/bin/rails +4 -0
data/spec/dummy/bin/rake +4 -0
data/spec/dummy/bin/setup +34 -0
data/spec/dummy/bin/update +29 -0
data/spec/dummy/config/application.rb +15 -0
data/spec/dummy/config/boot.rb +5 -0
data/spec/dummy/config/cable.yml +9 -0
data/spec/dummy/config/database.yml +25 -0
data/spec/dummy/config/environment.rb +5 -0
data/spec/dummy/config/environments/development.rb +54 -0
data/spec/dummy/config/environments/production.rb +86 -0
data/spec/dummy/config/environments/test.rb +42 -0
data/spec/dummy/config/initializers/application_controller_renderer.rb +6 -0
data/spec/dummy/config/initializers/assets.rb +11 -0
data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
data/spec/dummy/config/initializers/cookies_serializer.rb +5 -0
data/spec/dummy/config/initializers/filter_parameter_logging.rb +4 -0
data/spec/dummy/config/initializers/inflections.rb +16 -0
data/spec/dummy/config/initializers/mime_types.rb +4 -0
data/spec/dummy/config/initializers/new_framework_defaults.rb +24 -0
data/spec/dummy/config/initializers/scim_rails_config.rb +85 -0
data/spec/dummy/config/initializers/session_store.rb +3 -0
data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
data/spec/dummy/config/locales/en.yml +23 -0
data/spec/dummy/config/puma.rb +47 -0
data/spec/dummy/config/routes.rb +3 -0
data/spec/dummy/config/secrets.yml +22 -0
data/spec/dummy/config/spring.rb +6 -0
data/spec/dummy/config.ru +5 -0
data/spec/dummy/db/migrate/20181206184304_create_users.rb +15 -0
data/spec/dummy/db/migrate/20181206184313_create_companies.rb +11 -0
data/spec/dummy/db/migrate/20210423075859_create_groups.rb +10 -0
data/spec/dummy/db/migrate/20210423075950_create_group_users.rb +10 -0
data/spec/dummy/db/schema.rb +53 -0
data/spec/dummy/db/seeds.rb +14 -0
data/spec/dummy/public/404.html +67 -0
data/spec/dummy/public/422.html +67 -0
data/spec/dummy/public/500.html +66 -0
data/spec/dummy/public/apple-touch-icon-precomposed.png +0 -0
data/spec/dummy/public/apple-touch-icon.png +0 -0
data/spec/dummy/public/favicon.ico +0 -0
data/spec/factories/company.rb +10 -0
data/spec/factories/group.rb +11 -0
data/spec/factories/user.rb +9 -0
data/spec/lib/scim_rails/encoder_spec.rb +62 -0
data/spec/spec_helper.rb +17 -0
data/spec/support/auth_helper.rb +7 -0
data/spec/support/factory_bot.rb +3 -0
data/spec/support/scim_rails_config.rb +59 -0
metadata +339 -0

data/spec/controllers/scim_rails/scim_users_controller_spec.rb ADDED Viewed

@@ -0,0 +1,681 @@
+# frozen_string_literal: true
+require "spec_helper"
+RSpec.describe ScimRails::ScimUsersController, type: :controller do
+  include AuthHelper
+  routes { ScimRails::Engine.routes }
+  describe "index" do
+    let(:company) { create(:company) }
+    context "when unauthorized" do
+      it "returns scim+json content type" do
+        get :index, as: :json
+        expect(response.media_type).to eq "application/scim+json"
+      end
+      it "fails with no credentials" do
+        get :index, as: :json
+        expect(response.status).to eq 401
+      end
+      it "fails with invalid credentials" do
+        request.env["HTTP_AUTHORIZATION"] =
+          ActionController::HttpAuthentication::Basic
+          .encode_credentials("unauthorized", "123456")
+        get :index, as: :json
+        expect(response.status).to eq 401
+      end
+    end
+    context "when when authorized" do
+      before :each do
+        http_login(company)
+      end
+      it "returns scim+json content type" do
+        get :index, as: :json
+        expect(response.media_type).to eq "application/scim+json"
+      end
+      it "is successful with valid credentials" do
+        get :index, as: :json
+        expect(response.status).to eq 200
+      end
+      it "returns all results" do
+        create_list(:user, 10, company: company)
+        get :index, as: :json
+        response_body = JSON.parse(response.body)
+        expect(response_body.dig("schemas", 0)).to eq "urn:ietf:params:scim:api:messages:2.0:ListResponse"
+        expect(response_body["totalResults"]).to eq 10
+      end
+      it "defaults to 100 results" do
+        create_list(:user, 300, company: company)
+        get :index, as: :json
+        response_body = JSON.parse(response.body)
+        expect(response_body["totalResults"]).to eq 300
+        expect(response_body["Resources"].count).to eq 100
+      end
+      it "paginates results" do
+        create_list(:user, 400, company: company)
+        expect(company.users.first.id).to eq 1
+        get :index, params: {
+          startIndex: 101,
+          count: 200
+        }, as: :json
+        response_body = JSON.parse(response.body)
+        expect(response_body["totalResults"]).to eq 400
+        expect(response_body["Resources"].count).to eq 200
+        expect(response_body.dig("Resources", 0, "id")).to eq 101
+      end
+      it "paginates results by configurable scim_users_list_order" do
+        allow(ScimRails.config).to receive(:scim_users_list_order).and_return({ created_at: :desc })
+        create_list(:user, 400, company: company)
+        expect(company.users.first.id).to eq 1
+        get :index, params: {
+          startIndex: 1,
+          count: 10
+        }, as: :json
+        response_body = JSON.parse(response.body)
+        expect(response_body["totalResults"]).to eq 400
+        expect(response_body["Resources"].count).to eq 10
+        expect(response_body.dig("Resources", 0, "id")).to eq 400
+      end
+      it "filters results by provided email filter" do
+        create(:user, email: "test1@example.com", company: company)
+        create(:user, email: "test2@example.com", company: company)
+        get :index, params: {
+          filter: "email eq test1@example.com"
+        }, as: :json
+        response_body = JSON.parse(response.body)
+        expect(response_body["totalResults"]).to eq 1
+        expect(response_body["Resources"].count).to eq 1
+      end
+      it "filters results by provided name filter" do
+        create(:user, first_name: "Chidi", last_name: "Anagonye", company: company)
+        create(:user, first_name: "Eleanor", last_name: "Shellstrop", company: company)
+        get :index, params: {
+          filter: "familyName eq Shellstrop"
+        }, as: :json
+        response_body = JSON.parse(response.body)
+        expect(response_body["totalResults"]).to eq 1
+        expect(response_body["Resources"].count).to eq 1
+      end
+      it "returns no results for unfound filter parameters" do
+        get :index, params: {
+          filter: "familyName eq fake_not_there"
+        }, as: :json
+        response_body = JSON.parse(response.body)
+        expect(response_body["totalResults"]).to eq 0
+        expect(response_body["Resources"].count).to eq 0
+      end
+      it "returns no results for undefined filter queries" do
+        get :index, params: {
+          filter: "address eq 101 Nowhere USA"
+        }, as: :json
+        expect(response.status).to eq 400
+        response_body = JSON.parse(response.body)
+        expect(response_body.dig("schemas", 0)).to eq "urn:ietf:params:scim:api:messages:2.0:Error"
+      end
+    end
+  end
+  describe "show" do
+    let(:company) { create(:company) }
+    context "when unauthorized" do
+      it "returns scim+json content type" do
+        get :show, params: { id: 1 }, as: :json
+        expect(response.media_type).to eq "application/scim+json"
+      end
+      it "fails with no credentials" do
+        get :show, params: { id: 1 }, as: :json
+        expect(response.status).to eq 401
+      end
+      it "fails with invalid credentials" do
+        request.env["HTTP_AUTHORIZATION"] =
+          ActionController::HttpAuthentication::Basic
+          .encode_credentials("unauthorized", "123456")
+        get :show, params: { id: 1 }, as: :json
+        expect(response.status).to eq 401
+      end
+    end
+    context "when authorized" do
+      before :each do
+        http_login(company)
+      end
+      it "returns scim+json content type" do
+        get :show, params: { id: 1 }, as: :json
+        expect(response.media_type).to eq "application/scim+json"
+      end
+      it "is successful with valid credentials" do
+        create(:user, id: 1, company: company)
+        get :show, params: { id: 1 }, as: :json
+        expect(response.status).to eq 200
+      end
+      it "returns :not_found for id that cannot be found" do
+        get :show, params: { id: "fake_id" }, as: :json
+        expect(response.status).to eq 404
+      end
+      it "returns :not_found for a correct id but unauthorized company" do
+        new_company = create(:company)
+        create(:user, company: new_company, id: 1)
+        get :show, params: { id: 1 }, as: :json
+        expect(response.status).to eq 404
+      end
+    end
+  end
+  describe "create" do
+    let(:company) { create(:company) }
+    context "when unauthorized" do
+      it "returns scim+json content type" do
+        post :create, as: :json
+        expect(response.media_type).to eq "application/scim+json"
+      end
+      it "fails with no credentials" do
+        post :create, as: :json
+        expect(response.status).to eq 401
+      end
+      it "fails with invalid credentials" do
+        request.env["HTTP_AUTHORIZATION"] =
+          ActionController::HttpAuthentication::Basic
+          .encode_credentials("unauthorized", "123456")
+        post :create, as: :json
+        expect(response.status).to eq 401
+      end
+    end
+    context "when authorized" do
+      before :each do
+        http_login(company)
+      end
+      it "returns scim+json content type" do
+        post :create, params: {
+          name: {
+            givenName: "New",
+            familyName: "User"
+          },
+          emails: [
+            {
+              value: "new@example.com"
+            }
+          ]
+        }, as: :json
+        expect(response.media_type).to eq "application/scim+json"
+      end
+      it "is successful with valid credentials" do
+        expect(company.users.count).to eq 0
+        post :create, params: {
+          name: {
+            givenName: "New",
+            familyName: "User"
+          },
+          emails: [
+            {
+              value: "new@example.com"
+            }
+          ]
+        }, as: :json
+        expect(response.status).to eq 201
+        expect(company.users.count).to eq 1
+        user = company.users.first
+        expect(user.persisted?).to eq true
+        expect(user.first_name).to eq "New"
+        expect(user.last_name).to eq "User"
+        expect(user.email).to eq "new@example.com"
+      end
+      it "ignores unconfigured params" do
+        post :create, params: {
+          name: {
+            formattedName: "New User",
+            givenName: "New",
+            familyName: "User"
+          },
+          emails: [
+            {
+              value: "new@example.com"
+            }
+          ]
+        }, as: :json
+        expect(response.status).to eq 201
+        expect(company.users.count).to eq 1
+      end
+      it "returns 422 if required params are missing" do
+        post :create, params: {
+          name: {
+            familyName: "User"
+          },
+          emails: [
+            {
+              value: "new@example.com"
+            }
+          ]
+        }, as: :json
+        expect(response.status).to eq 422
+        expect(company.users.count).to eq 0
+      end
+      it "returns 201 if user already exists and updates user" do
+        create(:user, email: "new@example.com", company: company)
+        post :create, params: {
+          name: {
+            givenName: "Not New",
+            familyName: "User"
+          },
+          emails: [
+            {
+              value: "new@example.com"
+            }
+          ]
+        }, as: :json
+        expect(response.status).to eq 201
+        expect(company.users.count).to eq 1
+        expect(company.users.first.first_name).to eq "Not New"
+      end
+      it "returns 409 if user already exists and config.scim_user_prevent_update_on_create is set to true" do
+        allow(ScimRails.config).to receive(:scim_user_prevent_update_on_create).and_return(true)
+        create(:user, email: "new@example.com", company: company)
+        post :create, params: {
+          name: {
+            givenName: "Not New",
+            familyName: "User"
+          },
+          emails: [
+            {
+              value: "new@example.com"
+            }
+          ]
+        }, as: :json
+        expect(response.status).to eq 409
+        expect(company.users.count).to eq 1
+      end
+      it "creates and archives inactive user" do
+        post :create, params: {
+          id: 1,
+          userName: "test@example.com",
+          name: {
+            givenName: "Test",
+            familyName: "User"
+          },
+          emails: [
+            {
+              value: "test@example.com"
+            }
+          ],
+          active: "false"
+        }, as: :json
+        expect(response.status).to eq 201
+        expect(company.users.count).to eq 1
+        user = company.users.first
+        expect(user.archived?).to eq true
+      end
+    end
+  end
+  describe "put update" do
+    let(:company) { create(:company) }
+    context "when unauthorized" do
+      it "returns scim+json content type" do
+        put :put_update, params: { id: 1 }, as: :json
+        expect(response.media_type).to eq "application/scim+json"
+      end
+      it "fails with no credentials" do
+        put :put_update, params: { id: 1 }, as: :json
+        expect(response.status).to eq 401
+      end
+      it "fails with invalid credentials" do
+        request.env["HTTP_AUTHORIZATION"] =
+          ActionController::HttpAuthentication::Basic
+          .encode_credentials("unauthorized", "123456")
+        put :put_update, params: { id: 1 }, as: :json
+        expect(response.status).to eq 401
+      end
+    end
+    context "when authorized" do
+      let!(:user) { create(:user, id: 1, company: company) }
+      before :each do
+        http_login(company)
+      end
+      it "returns scim+json content type" do
+        put :put_update, params: put_params, as: :json
+        expect(response.media_type).to eq "application/scim+json"
+      end
+      it "is successful with with valid credentials" do
+        put :put_update, params: put_params, as: :json
+        expect(response.status).to eq 200
+      end
+      it "deprovisions an active record" do
+        request.content_type = "application/scim+json"
+        put :put_update, params: put_params(active: false), as: :json
+        expect(response.status).to eq 200
+        expect(user.reload.active?).to eq false
+      end
+      it "reprovisions an inactive record" do
+        user.archive!
+        expect(user.reload.active?).to eq false
+        request.content_type = "application/scim+json"
+        put :put_update, params: put_params(active: true), as: :json
+        expect(response.status).to eq 200
+        expect(user.reload.active?).to eq true
+      end
+      it "returns :not_found for id that cannot be found" do
+        put :put_update, params: { id: "fake_id" }, as: :json
+        expect(response.status).to eq 404
+      end
+      it "returns :not_found for a correct id but unauthorized company" do
+        new_company = create(:company)
+        create(:user, company: new_company, id: 1000)
+        put :put_update, params: { id: 1000 }, as: :json
+        expect(response.status).to eq 404
+      end
+      it "is returns 422 with incomplete request" do
+        put :put_update, params: {
+          id: 1,
+          userName: "test@example.com",
+          emails: [
+            {
+              value: "test@example.com"
+            }
+          ],
+          active: "true"
+        }, as: :json
+        expect(response.status).to eq 422
+      end
+    end
+  end
+  describe "patch update" do
+    let(:company) { create(:company) }
+    context "when unauthorized" do
+      it "returns scim+json content type" do
+        patch :patch_update, params: patch_params(id: 1), as: :json
+        expect(response.media_type).to eq "application/scim+json"
+      end
+      it "fails with no credentials" do
+        patch :patch_update, params: patch_params(id: 1), as: :json
+        expect(response.status).to eq 401
+      end
+      it "fails with invalid credentials" do
+        request.env["HTTP_AUTHORIZATION"] =
+          ActionController::HttpAuthentication::Basic
+          .encode_credentials("unauthorized", "123456")
+        patch :patch_update, params: patch_params(id: 1), as: :json
+        expect(response.status).to eq 401
+      end
+    end
+    context "when authorized" do
+      let!(:user) { create(:user, id: 1, company: company) }
+      before :each do
+        http_login(company)
+      end
+      it "returns scim+json content type" do
+        patch :patch_update, params: patch_params(id: 1), as: :json
+        expect(response.media_type).to eq "application/scim+json"
+      end
+      it "is successful with valid credentials" do
+        patch :patch_update, params: patch_params(id: 1), as: :json
+        expect(response.status).to eq 200
+      end
+      it "returns :not_found for id that cannot be found" do
+        get :patch_update, params: patch_params(id: "fake_id"), as: :json
+        expect(response.status).to eq 404
+      end
+      it "returns :not_found for a correct id but unauthorized company" do
+        new_company = create(:company)
+        create(:user, company: new_company, id: 1000)
+        get :patch_update, params: patch_params(id: 1000), as: :json
+        expect(response.status).to eq 404
+      end
+      it "successfully archives user" do
+        expect(company.users.count).to eq 1
+        user = company.users.first
+        expect(user.archived?).to eq false
+        patch :patch_update, params: patch_params(id: 1), as: :json
+        expect(response.status).to eq 200
+        expect(company.users.count).to eq 1
+        user.reload
+        expect(user.archived?).to eq true
+      end
+      it "successfully restores user" do
+        expect(company.users.count).to eq 1
+        user = company.users.first.tap(&:archive!)
+        expect(user.archived?).to eq true
+        patch \
+          :patch_update,
+          params: patch_params(id: 1, active: true),
+          as: :json
+        expect(response.status).to eq 200
+        expect(company.users.count).to eq 1
+        user.reload
+        expect(user.archived?).to eq false
+      end
+      it "is case insensetive for op value" do
+        # Note, this is for backward compatibility. op should always
+        # be lower case and support for case insensitivity will be removed
+        patch :patch_update, params: {
+          id: 1,
+          Operations: [
+            {
+              op: "Replace",
+              value: {
+                active: false
+              }
+            }
+          ]
+        }, as: :json
+        expect(response.status).to eq 200
+      end
+      it "throws an error for non status updates" do
+        patch :patch_update, params: {
+          id: 1,
+          Operations: [
+            {
+              op: "replace",
+              value: {
+                name: {
+                  givenName: "Francis"
+                }
+              }
+            }
+          ]
+        }, as: :json
+        expect(response.status).to eq 422
+        response_body = JSON.parse(response.body)
+        expect(response_body.dig("schemas", 0)).to eq "urn:ietf:params:scim:api:messages:2.0:Error"
+      end
+      it "returns 422 when value is not an object" do
+        patch :patch_update, params: {
+          id: 1,
+          Operations: [
+            {
+              op: "replace",
+              path: "displayName",
+              value: "Francis"
+            }
+          ]
+        }
+        expect(response.status).to eq 422
+        response_body = JSON.parse(response.body)
+        expect(response_body.dig("schemas", 0)).to eq "urn:ietf:params:scim:api:messages:2.0:Error"
+      end
+      it "returns 422 when value is missing" do
+        patch :patch_update, params: {
+          id: 1,
+          Operations: [
+            {
+              op: "replace"
+            }
+          ]
+        }, as: :json
+        expect(response.status).to eq 422
+        response_body = JSON.parse(response.body)
+        expect(response_body.dig("schemas", 0)).to eq "urn:ietf:params:scim:api:messages:2.0:Error"
+      end
+      it "returns 422 operations key is missing" do
+        patch :patch_update, params: {
+          id: 1,
+          Foobars: [
+            {
+              op: "replace"
+            }
+          ]
+        }, as: :json
+        expect(response.status).to eq 422
+        response_body = JSON.parse(response.body)
+        expect(response_body.dig("schemas", 0)).to eq "urn:ietf:params:scim:api:messages:2.0:Error"
+      end
+    end
+  end
+  def patch_params(id:, active: false)
+    {
+      id: id,
+      Operations: [
+        {
+          op: "replace",
+          value: {
+            active: active
+          }
+        }
+      ]
+    }
+  end
+  def put_params(active: true)
+    {
+      id: 1,
+      userName: "test@example.com",
+      name: {
+        givenName: "Test",
+        familyName: "User"
+      },
+      emails: [
+        {
+          value: "test@example.com"
+        }
+      ],
+      active: active
+    }
+  end
+end