scimaenaga 0.6.1 → 0.9.0

data/spec/dummy/app/models/user.rb

@@ -3,6 +3,8 @@ class User < ApplicationRecord
   has_many :group_users
   has_many :groups, through: :group_users
 
+  before_destroy :check_deletable
+
   validates \
     :first_name,
     :last_name,
@@ -48,4 +50,11 @@ class User < ApplicationRecord
     write_attribute(:archived_at, nil)
     save!
   end
+
+  def check_deletable
+    return if deletable
+
+    errors.add(:base, 'The specified user could not be deleted.')
+    throw :abort
+  end
 end

data/spec/dummy/config/initializers/scim_rails_config.rb

@@ -1,7 +1,7 @@
 ScimRails.configure do |config|
-  config.basic_auth_model = "Company"
-  config.scim_users_model = "User"
-  config.scim_groups_model = "Group"
+  config.basic_auth_model = 'Company'
+  config.scim_users_model = 'User'
+  config.scim_groups_model = 'Group'
 
   config.basic_auth_model_searchable_attribute = :subdomain
   config.basic_auth_model_authenticatable_attribute = :api_token
@@ -9,54 +9,57 @@ ScimRails.configure do |config|
   config.scim_users_list_order = :id
   config.scim_groups_scope = :groups
 
-  config.signing_algorithm = "HS256"
-  config.signing_secret = "2d6806dd11c2fece2e81b8ca76dcb0062f5b08e28e3264e8ba1c44bbd3578b70"
+  config.signing_algorithm = 'HS256'
+  config.signing_secret = '2d6806dd11c2fece2e81b8ca76dcb0062f5b08e28e3264e8ba1c44bbd3578b70'
 
-  config.mutable_user_attributes = [
-    :first_name,
-    :last_name,
-    :email,
-    :active
+  config.user_destroy_method = :destroy!
+  config.group_destroy_method = :destroy!
+
+  config.mutable_user_attributes = %i[
+    first_name
+    last_name
+    email
+    active
   ]
 
   config.queryable_user_attributes = {
     userName: :email,
     givenName: :first_name,
     familyName: :last_name,
-    email: :email
+    email: :email,
   }
 
   config.mutable_user_attributes_schema = {
     name: {
       givenName: :first_name,
-      familyName: :last_name
+      familyName: :last_name,
     },
     emails: [
       {
-        value: :email
+        value: :email,
       }
     ],
-    active: :active
+    active: :active,
   }
 
   config.user_schema = {
-    schemas: ["urn:ietf:params:scim:schemas:core:2.0:User"],
+    schemas: ['urn:ietf:params:scim:schemas:core:2.0:User'],
     id: :id,
     userName: :email,
     name: {
       givenName: :first_name,
-      familyName: :last_name
+      familyName: :last_name,
     },
     emails: [
       {
-        value: :email
-      },
+        value: :email,
+      }
     ],
-    active: :unarchived?
+    active: :unarchived?,
   }
 
   config.queryable_group_attributes = {
-    displayName: :name
+    displayName: :name,
   }
 
   config.mutable_group_attributes = [
@@ -64,21 +67,21 @@ ScimRails.configure do |config|
   ]
 
   config.mutable_group_attributes_schema = {
-    displayName: :name
+    displayName: :name,
   }
 
   config.group_member_relation_attribute = :user_ids
   config.group_member_relation_schema = { value: :user_ids }
 
   config.group_schema = {
-    schemas: ["urn:ietf:params:scim:schemas:core:2.0:Group"],
+    schemas: ['urn:ietf:params:scim:schemas:core:2.0:Group'],
     id: :id,
     displayName: :name,
-    members: :users
+    members: :users,
   }
 
   config.group_abbreviated_schema = {
     value: :id,
-    display: :name
+    display: :name,
   }
 end

data/spec/dummy/db/migrate/20220131090107_add_deletable_to_users.rb

@@ -0,0 +1,5 @@
+class AddDeletableToUsers < ActiveRecord::Migration[6.1]
+  def change
+    add_column :users, :deletable, :boolean
+  end
+end

data/spec/dummy/db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2022_01_17_095407) do
+ActiveRecord::Schema.define(version: 2022_01_31_090107) do
 
   create_table "companies", force: :cascade do |t|
     t.string "name", null: false
@@ -46,6 +46,7 @@ ActiveRecord::Schema.define(version: 2022_01_17_095407) do
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
     t.string "country"
+    t.boolean "deletable"
   end
 
   add_foreign_key "group_users", "groups"

data/spec/dummy/db/seeds.rb

@@ -9,11 +9,20 @@ group = Group.create(
   name: 'Test Group'
 )
 
+User.create(
+  company: company,
+  first_name: 'scim',
+  last_name: 'owner',
+  email: 'owner@example.com',
+  deletable: false
+)
+
 1.upto(1000) do |n|
   User.create(
     company: company,
     first_name: "Test#{n}",
     last_name: "User#{n}",
-    email: "#{n}@example.com"
+    email: "#{n}@example.com",
+    deletable: true
   )
 end

data/spec/factories/user.rb

@@ -5,5 +5,7 @@ FactoryBot.define do
     first_name { "Test" }
     last_name { "User" }
     sequence(:email) { |n| "#{n}@example.com" }
+
+    deletable { true }
   end
 end

data/spec/libraries/scim_patch_operation_group_spec.rb

@@ -0,0 +1,165 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe ScimPatchOperationGroup do
+  let(:op) { 'replace' }
+  let(:path) { 'displayName' }
+  let(:value) { 'groupA' }
+  let(:mutable_attributes_schema) { { displayName: :name } }
+  let(:group_member_relation_attribute) { :user_ids }
+
+  let(:user1) { create(:user) }
+  let(:user2) { create(:user) }
+  let(:user3) { create(:user) }
+  let(:user4) { create(:user) }
+  let(:group) { create(:group, users: [user1, user2]) }
+
+  let(:operation) do
+    described_class.new(
+      op,
+      path,
+      value
+    )
+  end
+  context 'replace displayName' do
+    it {
+      allow(ScimRails.config).to(
+        receive(:mutable_group_attributes_schema).and_return(mutable_attributes_schema)
+      )
+      allow(ScimRails.config).to(
+        receive(:group_member_relation_attribute).and_return(group_member_relation_attribute)
+      )
+      expect(operation.op).to eq 'replace'
+      expect(operation.path_scim).to eq(attribute: path, rest_path: [])
+      expect(operation.path_sp).to eq :name
+      expect(operation.value).to eq value
+
+      operation.save(group)
+      expect(group.name).to eq value
+    }
+  end
+
+  context 'add displayName' do
+    let(:op) { 'add' }
+    it {
+      allow(ScimRails.config).to(
+        receive(:mutable_group_attributes_schema).and_return(mutable_attributes_schema)
+      )
+      allow(ScimRails.config).to(
+        receive(:group_member_relation_attribute).and_return(group_member_relation_attribute)
+      )
+      expect(operation.op).to eq 'add'
+      expect(operation.path_scim).to eq(attribute: path, rest_path: [])
+      expect(operation.path_sp).to eq :name
+      expect(operation.value).to eq value
+
+      operation.save(group)
+      expect(group.name).to eq value
+    }
+  end
+
+  context 'remove displayName' do
+    let(:op) { 'remove' }
+    it {
+      allow(ScimRails.config).to(
+        receive(:mutable_group_attributes_schema).and_return(mutable_attributes_schema)
+      )
+      allow(ScimRails.config).to(
+        receive(:group_member_relation_attribute).and_return(group_member_relation_attribute)
+      )
+      expect(operation.op).to eq 'remove'
+      expect(operation.path_scim).to eq(attribute: path, rest_path: [])
+      expect(operation.path_sp).to eq :name
+      expect(operation.value).to eq value
+
+      operation.save(group)
+      expect(group.name).to eq nil
+    }
+  end
+
+  context 'add member' do
+    let(:op) { 'add' }
+    let(:path) { 'members' }
+    let(:value) { [{ 'value' => user3.id.to_s }, { 'value' => user4.id.to_s }] }
+    it {
+      allow(ScimRails.config).to(
+        receive(:mutable_group_attributes_schema).and_return(mutable_attributes_schema)
+      )
+      allow(ScimRails.config).to(
+        receive(:group_member_relation_attribute).and_return(group_member_relation_attribute)
+      )
+      expect(operation.op).to eq 'add'
+      expect(operation.path_scim).to eq(attribute: 'members', rest_path: [])
+      expect(operation.path_sp).to eq :user_ids
+      expect(operation.value).to eq value
+
+      operation.save(group)
+      expect(group.users).to eq [user1, user2, user3, user4]
+    }
+  end
+
+  context 'replace member' do
+    let(:op) { 'replace' }
+    let(:path) { 'members' }
+    let(:value) { [{ 'value' => user3.id.to_s }, { 'value' => user4.id.to_s }] }
+    it {
+      allow(ScimRails.config).to(
+        receive(:mutable_group_attributes_schema).and_return(mutable_attributes_schema)
+      )
+      allow(ScimRails.config).to(
+        receive(:group_member_relation_attribute).and_return(group_member_relation_attribute)
+      )
+      expect(operation.op).to eq 'replace'
+      expect(operation.path_scim).to eq(attribute: 'members', rest_path: [])
+      expect(operation.path_sp).to eq :user_ids
+      expect(operation.value).to eq value
+
+      operation.save(group)
+      expect(group.users).to eq [user3, user4]
+    }
+  end
+
+  context 'remove user ids' do
+    let(:op) { 'remove' }
+    let(:path) { 'members' }
+    let(:value) { [{ 'value' => user1.id.to_s }, { 'value' => user2.id.to_s }] }
+    it {
+      allow(ScimRails.config).to(
+        receive(:mutable_group_attributes_schema).and_return(mutable_attributes_schema)
+      )
+      allow(ScimRails.config).to(
+        receive(:group_member_relation_attribute).and_return(group_member_relation_attribute)
+      )
+      expect(operation.op).to eq 'remove'
+      expect(operation.path_scim).to eq(attribute: 'members', rest_path: [])
+      expect(operation.path_sp).to eq :user_ids
+      expect(operation.value).to eq value
+
+      operation.save(group)
+      expect(group.users).to eq []
+    }
+  end
+
+  context 'remove user id (with filter)' do
+    let(:op) { 'remove' }
+    let(:path) { "members[value eq \"#{user1.id}\"]" }
+    let(:value) { nil }
+    it {
+      allow(ScimRails.config).to(
+        receive(:mutable_group_attributes_schema).and_return(mutable_attributes_schema)
+      )
+      allow(ScimRails.config).to(
+        receive(:group_member_relation_attribute).and_return(group_member_relation_attribute)
+      )
+      expect(operation.op).to eq 'remove'
+      expect(operation.path_scim).to eq(attribute: 'members',
+                                        filter: { attribute: 'value', operator: 'eq', parameter: user1.id.to_s }, rest_path: [])
+      expect(operation.path_sp).to eq :user_ids
+      expect(operation.value).to eq nil
+
+      operation.save(group)
+      expect(group.users).to eq [user2]
+    }
+  end
+end

data/spec/libraries/scim_patch_operation_user_spec.rb

@@ -0,0 +1,101 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe ScimPatchOperationUser do
+  let(:op) { 'replace' }
+  let(:path) { 'userName' }
+  let(:value) { 'taro.suzuki' }
+  let(:mutable_attributes_schema) do
+    {
+      userName: :name,
+      displayName: :display_name,
+      emails: [
+        {
+          value: :email,
+        }
+      ],
+      name: {
+        familyName: :family_name,
+        givenName: :given_name,
+      },
+      active: :active,
+    }
+  end
+
+  let(:operation) do
+    described_class.new(
+      op,
+      path,
+      value
+    )
+  end
+  describe '#initialize' do
+    context 'replace single attribute' do
+      it {
+        allow(ScimRails.config).to(
+          receive(:mutable_user_attributes_schema).and_return(mutable_attributes_schema)
+        )
+        expect(operation.op).to eq 'replace'
+        expect(operation.path_scim).to eq(attribute: path, rest_path: [])
+        expect(operation.path_sp).to eq :name
+        expect(operation.value).to eq value
+      }
+    end
+
+    context 'add single attribute' do
+      let(:op) { 'add' }
+      it {
+        allow(ScimRails.config).to(
+          receive(:mutable_user_attributes_schema).and_return(mutable_attributes_schema)
+        )
+        expect(operation.op).to eq 'add'
+        expect(operation.path_scim).to eq(attribute: path, rest_path: [])
+        expect(operation.path_sp).to eq :name
+        expect(operation.value).to eq value
+      }
+    end
+
+    context 'remove single attribute' do
+      let(:op) { 'remove' }
+      it {
+        allow(ScimRails.config).to(
+          receive(:mutable_user_attributes_schema).and_return(mutable_attributes_schema)
+        )
+        expect(operation.op).to eq 'remove'
+        expect(operation.path_scim).to eq(attribute: path, rest_path: [])
+        expect(operation.path_sp).to eq :name
+        expect(operation.value).to eq value
+      }
+    end
+
+    context 'replace email address' do
+      let(:path) { 'emails[type eq "work"].value' }
+      let(:value) { 'taro.suzuki@example.com' }
+      it {
+        allow(ScimRails.config).to(
+          receive(:mutable_user_attributes_schema).and_return(mutable_attributes_schema)
+        )
+        expect(operation.op).to eq 'replace'
+        expect(operation.path_scim).to eq(attribute: 'emails',
+                                          filter: { attribute: 'type', operator: 'eq', parameter: 'work' }, rest_path: ['value'])
+        expect(operation.path_sp).to eq :email
+        expect(operation.value).to eq value
+      }
+    end
+
+    context 'replace name.familyName' do
+      let(:path) { 'name.familyName' }
+      let(:value) { 'Suzuki' }
+      it {
+        allow(ScimRails.config).to(
+          receive(:mutable_user_attributes_schema).and_return(mutable_attributes_schema)
+        )
+        expect(operation.op).to eq 'replace'
+        expect(operation.path_scim).to eq(attribute: 'name', rest_path: ['familyName'])
+        expect(operation.path_sp).to eq :family_name
+        expect(operation.value).to eq value
+      }
+    end
+  end
+end

data/spec/libraries/scim_patch_spec.rb

@@ -3,81 +3,163 @@
 require 'spec_helper'
 
 describe ScimPatch do
+  shared_examples :user do
+    let(:patch) { ScimPatch.new(params, :user) }
+    it {
+      allow(ScimRails.config).to(
+        receive(:mutable_user_attributes_schema).and_return(mutable_user_attributes_schema)
+      )
 
-  let(:params) {
-    {
-      'schemas' => ['urn:ietf:params:scim:api:messages:2.0:PatchOp'],
-      'Operations' => [
-        {
-          'op' => 'Replace',
-          'path' => 'userName',
-          'value' => 'taro.suzuki'
-        },
-        {
-          'op' =>  'Replace',
-          'path' => 'emails[type eq "work"].value',
-          'value' => 'taro.suzuki@example.com'
-        },
-        {
-          'op' => 'Replace',
-          'path' => 'name.familyName',
-          'value' => 'Suzuki'
-        },
-        {
-          'op' => 'Replace',
-          'path' => 'active',
-          'value' => 'False'
-        }
-      ]
+      expect(patch.operations[0].op).to eq 'replace'
+      expect(patch.operations[0].path_scim).to eq(attribute: 'emails',
+                                                  filter: { attribute: 'type', operator: 'eq', parameter: 'work' }, rest_path: ['value'])
+      expect(patch.operations[0].path_sp).to eq :email
+      expect(patch.operations[0].value).to eq 'taro.suzuki@example.com'
+
+      expect(patch.operations[1].op).to eq 'replace'
+      expect(patch.operations[1].path_scim).to eq(attribute: 'userName', rest_path: [])
+      expect(patch.operations[1].path_sp).to eq :name
+      expect(patch.operations[1].value).to eq 'taro.suzuki'
+
+      expect(patch.operations[2].op).to eq 'replace'
+      expect(patch.operations[2].path_scim).to eq(attribute: 'name',
+                                                  rest_path: ['familyName'])
+      expect(patch.operations[2].path_sp).to eq :family_name
+      expect(patch.operations[2].value).to eq 'Suzuki'
+
+      expect(patch.operations[3].op).to eq 'replace'
+      expect(patch.operations[3].path_scim).to eq(attribute: 'active',
+                                                  rest_path: [])
+      expect(patch.operations[3].path_sp).to eq :active
+      expect(patch.operations[3].value).to eq false
     }
-  }
+  end
 
-  let(:mutable_attributes_schema) {
+  let(:mutable_user_attributes_schema) do
     {
       userName: :name,
       displayName: :display_name,
       emails: [
         {
-          value: :email
+          value: :email,
         }
       ],
       name: {
         familyName: :family_name,
-        givenName: :given_name
+        givenName: :given_name,
       },
-      active: :active
+      active: :active,
+    }
+  end
+
+  let(:mutable_group_attributes_schema) do
+    {
+      displayName: :name,
     }
-  }
+  end
 
-  let(:patch) { described_class.new(params, mutable_attributes_schema) }
+  describe '#initialize :user' do
+    context :multiple_single_value_operations do
+      let(:params) do
+        {
+          'schemas' => ['urn:ietf:params:scim:api:messages:2.0:PatchOp'],
+          'Operations' => [
+            {
+              'op' => 'Replace',
+              'path' => 'emails[type eq "work"].value',
+              'value' => 'taro.suzuki@example.com',
+            },
+            {
+              'op' => 'Replace',
+              'path' => 'userName',
+              'value' => 'taro.suzuki',
+            },
+            {
+              'op' => 'Replace',
+              'path' => 'name.familyName',
+              'value' => 'Suzuki',
+            },
+            {
+              'op' => 'Replace',
+              'path' => 'active',
+              'value' => 'False',
+            }
+          ],
+        }
+      end
+      it_behaves_like :user
+    end
 
-  describe '#initialize' do
-    it {
-      expect(patch.operations[0].op).to eq :replace
-      expect(patch.operations[0].path_scim).to eq 'userName'
-      expect(patch.operations[0].path_sp).to eq :name
-      expect(patch.operations[0].value).to eq 'taro.suzuki'
+    context :multiple_value_operation do
+      let(:params) do
+        {
+          'schemas' => ['urn:ietf:params:scim:api:messages:2.0:PatchOp'],
+          'Operations' => [
+            {
+              'op' => 'replace',
+              'path' => 'emails[type eq "work"].value',
+              'value' => 'taro.suzuki@example.com',
+            },
+            {
+              'op' => 'replace',
+              'value' => {
+                'userName' => 'taro.suzuki',
+                'name.familyName' => 'Suzuki',
+                'active' => false,
+              },
+            }
+          ],
+        }
+      end
+      it_behaves_like :user
+    end
+  end
 
-      expect(patch.operations[1].op).to eq :replace
-      expect(patch.operations[1].path_scim).to eq 'emails[type eq "work"].value'
-      expect(patch.operations[1].path_sp).to eq :email
-      expect(patch.operations[1].value).to eq 'taro.suzuki@example.com'
+  describe '#initialize :group' do
+    let(:params) do
+      {
+        'schemas' => ['urn:ietf:params:scim:api:messages:2.0:PatchOp'],
+        'Operations' => [
+          {
+            'op' => 'Replace',
+            'path' => 'displayName',
+            'value' => 'groupA',
+          },
+          {
+            'op' => 'Add',
+            'path' => 'members',
+            'value' => [
+              {
+                'value' => '1',
+              },
+              {
+                'value' => '2',
+              }
+            ],
+          }
+        ],
+      }
+    end
+    let(:patch) { described_class.new(params, :group) }
+    it {
+      allow(ScimRails.config).to(
+        receive(:mutable_group_attributes_schema).and_return(mutable_group_attributes_schema)
+      )
 
-      expect(patch.operations[2].op).to eq :replace
-      expect(patch.operations[2].path_scim).to eq 'name.familyName'
-      expect(patch.operations[2].path_sp).to eq :family_name
-      expect(patch.operations[2].value).to eq 'Suzuki'
+      expect(patch.operations[0].op).to eq 'replace'
+      expect(patch.operations[0].path_scim).to eq(attribute: 'displayName', rest_path: [])
+      expect(patch.operations[0].path_sp).to eq :name
+      expect(patch.operations[0].value).to eq 'groupA'
 
-      expect(patch.operations[3].op).to eq :replace
-      expect(patch.operations[3].path_scim).to eq 'active'
-      expect(patch.operations[3].path_sp).to eq :active
-      expect(patch.operations[3].value).to eq false
+      expect(patch.operations[1].op).to eq 'add'
+      expect(patch.operations[1].path_scim).to eq(attribute: 'members', rest_path: [])
+      expect(patch.operations[1].path_sp).to eq :user_ids
+      expect(patch.operations[1].value).to eq [{ 'value' => '1' }, { 'value' => '2' }]
     }
   end
 
   # describe '#update' do
-    # create user by factory bot
-    # patch.update(user)
+  # create user by factory bot
+  # patch.update(user)
   # end
-
 end