scimaenaga 0.7.0 → 0.9.1

data/app/models/scimaenaga/scim_query_parser.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module Scimaenaga
+  class ScimQueryParser
+    attr_accessor :query_elements, :query_attributes
+
+    def initialize(query_string, queryable_attributes)
+      self.query_elements = query_string.gsub(/\[(.+?)\]/, '.0').split
+      self.query_attributes = queryable_attributes
+    end
+
+    def attribute
+      attribute = query_elements[0]
+      raise Scimaenaga::ExceptionHandler::InvalidQuery if attribute.blank?
+
+      dig_keys = attribute.split('.').map do |step|
+        step == '0' ? 0 : step.to_sym
+      end
+
+      mapped_attribute = query_attributes.dig(*dig_keys)
+      raise Scimaenaga::ExceptionHandler::InvalidQuery if mapped_attribute.blank?
+
+      mapped_attribute
+    end
+
+    def operator
+      sql_comparison_operator(query_elements[1])
+    end
+
+    def parameter
+      parameter = query_elements[2..-1].join(' ')
+      return if parameter.blank?
+
+      parameter.gsub(/"/, '')
+    end
+
+    private
+
+      def sql_comparison_operator(element)
+        case element
+        when 'eq'
+          '='
+        else
+          # TODO: implement additional query filters
+          raise Scimaenaga::ExceptionHandler::InvalidQuery
+        end
+      end
+  end
+end

data/config/routes.rb

@@ -1,14 +1,16 @@
-ScimRails::Engine.routes.draw do
-  get    'scim/v2/Users',      action: :index,         controller: 'scim_users'
-  post   'scim/v2/Users',      action: :create,        controller: 'scim_users'
-  get    'scim/v2/Users/:id',  action: :show,          controller: 'scim_users'
-  put    'scim/v2/Users/:id',  action: :put_update,    controller: 'scim_users'
-  patch  'scim/v2/Users/:id',  action: :patch_update,  controller: 'scim_users'
-  delete 'scim/v2/Users/:id',  action: :destroy,       controller: 'scim_users'
-  get    'scim/v2/Groups',     action: :index,         controller: 'scim_groups'
-  post   'scim/v2/Groups',     action: :create,        controller: 'scim_groups'
-  get    'scim/v2/Groups/:id', action: :show,          controller: 'scim_groups'
-  put    'scim/v2/Groups/:id', action: :put_update,    controller: 'scim_groups'
-  patch  'scim/v2/Groups/:id', action: :patch_update,  controller: 'scim_groups'
-  delete 'scim/v2/Groups/:id', action: :destroy,       controller: 'scim_groups'
+Scimaenaga::Engine.routes.draw do
+  get    'scim/v2/Users',       action: :index,         controller: 'scim_users'
+  post   'scim/v2/Users',       action: :create,        controller: 'scim_users'
+  get    'scim/v2/Users/:id',   action: :show,          controller: 'scim_users'
+  put    'scim/v2/Users/:id',   action: :put_update,    controller: 'scim_users'
+  patch  'scim/v2/Users/:id',   action: :patch_update,  controller: 'scim_users'
+  delete 'scim/v2/Users/:id',   action: :destroy,       controller: 'scim_users'
+  get    'scim/v2/Groups',      action: :index,         controller: 'scim_groups'
+  post   'scim/v2/Groups',      action: :create,        controller: 'scim_groups'
+  get    'scim/v2/Groups/:id',  action: :show,          controller: 'scim_groups'
+  put    'scim/v2/Groups/:id',  action: :put_update,    controller: 'scim_groups'
+  patch  'scim/v2/Groups/:id',  action: :patch_update,  controller: 'scim_groups'
+  delete 'scim/v2/Groups/:id',  action: :destroy,       controller: 'scim_groups'
+  get    'scim/v2/Schemas',     action: :index,         controller: 'scim_schemas'
+  get    'scim/v2/Schemas/:id', action: :show,          controller: 'scim_schemas'
 end

data/lib/generators/scimaenaga/USAGE

@@ -0,0 +1,8 @@
+Description:
+    Generates the scimaenaga initializer.
+
+Example:
+    rails generate scimaenaga config
+
+    This will create:
+        config/initializers/scimaenaga_config.rb

data/lib/generators/scimaenaga/scimaenaga_generator.rb

@@ -0,0 +1,7 @@
+class ScimaenagaGenerator < Rails::Generators::NamedBase
+  source_root File.expand_path('templates', __dir__)
+
+  def copy_initializer_file
+    copy_file 'initializer.rb', 'config/initializers/scimaenaga_config.rb'
+  end
+end

data/lib/generators/{scim_rails → scimaenaga}/templates/initializer.rb

@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
-ScimRails.configure do |config|
+Scimaenaga.configure do |config|
   # Model used for authenticating and scoping users.
-  config.basic_auth_model = "Company"
+  config.basic_auth_model = 'Company'
 
   # Attribute used to search for a given record. This
   # attribute should be unique as it will return the
@@ -14,7 +14,7 @@ ScimRails.configure do |config|
   config.basic_auth_model_authenticatable_attribute = :api_token
 
   # Model used for user records.
-  config.scim_users_model = "User"
+  config.scim_users_model = 'User'
 
   # Method used for retrieving user records from the
   # authenticatable model.
@@ -25,7 +25,7 @@ ScimRails.configure do |config|
   config.scim_user_prevent_update_on_create = false
 
   # Model used for group records.
-  config.scim_groups_model = "Group"
+  config.scim_groups_model = 'Group'
   # Method used for retrieving user records from the
   # authenticatable model.
   config.scim_groups_scope = :groups
@@ -56,16 +56,16 @@ ScimRails.configure do |config|
     userName: :email,
     givenName: :first_name,
     familyName: :last_name,
-    email: :email
+    email: :email,
   }
 
   # Array of attributes that can be modified on the
   # user model. If the attribute is not in this array
   # the attribute cannot be modified by this Gem.
-  config.mutable_user_attributes = [
-    :first_name,
-    :last_name,
-    :email
+  config.mutable_user_attributes = %i[
+    first_name
+    last_name
+    email
   ]
 
   # Hash of mutable attributes. This object is the map
@@ -76,13 +76,13 @@ ScimRails.configure do |config|
   config.mutable_user_attributes_schema = {
     name: {
       givenName: :first_name,
-      familyName: :last_name
+      familyName: :last_name,
     },
     emails: [
       {
-        value: :email
+        value: :email,
       }
-    ]
+    ],
   }
 
   # Hash of SCIM structure for a user schema. This object
@@ -93,31 +93,31 @@ ScimRails.configure do |config|
   # through as is, symbols will be passed to the user
   # object to return a value.
   config.user_schema = {
-    schemas: ["urn:ietf:params:scim:schemas:core:2.0:User"],
+    schemas: ['urn:ietf:params:scim:schemas:core:2.0:User'],
     id: :id,
     userName: :email,
     name: {
       givenName: :first_name,
-      familyName: :last_name
+      familyName: :last_name,
     },
     emails: [
       {
-        value: :email
+        value: :email,
       }
     ],
-    active: :active?
+    active: :active?,
   }
 
   # Schema for users used in "abbreviated" lists such as in
   # the `members` field of a Group.
   config.user_abbreviated_schema = {
     value: :id,
-    display: :email
+    display: :email,
   }
 
   # Allow filtering Groups based on these parameters
   config.queryable_group_attributes = {
-    displayName: :name
+    displayName: :name,
   }
 
   # List of attributes on a Group that can be updated through SCIM
@@ -131,7 +131,7 @@ ScimRails.configure do |config|
   # include all attributes listed in
   # config.mutable_group_attributes.
   config.mutable_group_attributes_schema = {
-    displayName: :name
+    displayName: :name,
   }
 
   # The User relation's IDs field name on the Group model.
@@ -143,18 +143,124 @@ ScimRails.configure do |config|
   config.group_member_relation_schema = { value: :user_ids }
 
   config.group_schema = {
-    schemas: ["urn:ietf:params:scim:schemas:core:2.0:Group"],
+    schemas: ['urn:ietf:params:scim:schemas:core:2.0:Group'],
     id: :id,
     displayName: :name,
-    members: :users
+    members: :users,
   }
 
   config.group_abbreviated_schema = {
     value: :id,
-    display: :name
+    display: :name,
   }
 
   # Set group_destroy_method to a method on the Group model
   # to be called on a destroy request
   # config.group_destroy_method = :destroy!
+
+  # /Schemas settings.
+  # These settings are not used in /Users and /Groups for now.
+  # Configure this only when you need Schemas endpoint.
+  # Schemas endpoint returns the configured values as-is.
+  config.schemas = [
+    # Define User schemas
+    {
+      # Normally you don't have to change schemas/id/name/description
+      schemas: ['urn:ietf:params:scim:schemas:core:2.0:Schema'],
+      id: 'urn:ietf:params:scim:schemas:core:2.0:User',
+      name: 'User',
+      description: 'User Account',
+
+      # Configure 'attributes' as it corresponds with other configurations and your model
+      attributes: [
+        {
+          # Name of SCIM attribute. It must be configured in "user_schema"
+          name: 'userName',
+
+          # "type" must be string/boolan/decimal/integer/dateTime/reference
+          # "complex" value is not supported now
+          type: 'string',
+
+          # Multi value attribute is not supported, must be false
+          multiValued: false,
+
+          description: 'Unique identifier for the User. REQUIRED.',
+
+          # Specify true when you require this attribute
+          required: true,
+
+          # In this Library, String value is always handled as case exact
+          caseExact: true,
+
+          # "mutability" must be readOnly/readWrite/writeOnly
+          # "immutable" is not supported.
+          # readOnly: attribute is defined in queryable_user_attributes but not in mutable_user_attributes and user_schema
+          # readWrite: attribute is defined in queryable_user_attributes, mutable_user_attributes and user_schema
+          # writeOnly: attribute is defined in mutable_user_attributes, and user_schema but not in queryable_user_attributes
+          mutability: 'readWrite',
+
+          # "returned" must be always/never. default and request are not supported
+          # always: attribute is defined in user_schema
+          # never: attribute is not defined in user_schema
+          returned: 'always',
+
+          # "uniqueness" must be none/server/global. It's dependent on your service
+          uniqueness: 'server',
+        }
+      ],
+      meta: {
+        resourceType: 'Schema',
+        location:
+          '/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:User',
+      },
+    },
+    # define Group schemas
+    {
+      schemas: ['urn:ietf:params:scim:schemas:core:2.0:Schema'],
+      id: 'urn:ietf:params:scim:schemas:core:2.0:Group',
+      name: 'Group',
+      description: 'Group',
+      attributes: [
+        {
+          # Same as the User attributes
+          name: 'displayName',
+          type: 'string',
+          multiValued: false,
+          description: 'A human-readable name for the Group. REQUIRED.',
+          required: true,
+          caseExact: true,
+          mutability: 'readWrite',
+          returned: 'always',
+          uniqueness: 'none',
+        },
+        {
+          name: 'members',
+
+          # Only "members" can be configured as a complex and multivalued attribute
+          type: 'complex',
+          multiValued: true,
+
+          description: 'A list of members of the Group.',
+          required: false,
+          subAttributes: [
+            {
+              name: 'value',
+              type: 'string',
+              multiValued: false,
+              description: 'Identifier of the member of this Group.',
+              required: false,
+              caseExact: true,
+              mutability: 'immutable',
+              returned: 'default',
+              uniqueness: 'none',
+            }
+          ],
+        }
+      ],
+      meta: {
+        resourceType: 'Schema',
+        location: '/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:Group',
+      },
+    }
+  ]
 end

data/lib/{scim_rails → scimaenaga}/config.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-module ScimRails
+module Scimaenaga
   class << self
     def configure
       yield config
@@ -11,9 +11,9 @@ module ScimRails
     end
   end
 
-  # Class containing configuration of ScimRails
+  # Class containing configuration of Scimaenaga
   class Config
-    ALGO_NONE = "none"
+    ALGO_NONE = 'none'
 
     attr_writer \
       :basic_auth_model,
@@ -45,20 +45,22 @@ module ScimRails
       :user_schema,
       :group_schema,
       :user_destroy_method,
-      :group_destroy_method
+      :group_destroy_method,
+      :schemas
 
     def initialize
-      @basic_auth_model = "Company"
+      @basic_auth_model = 'Company'
       @scim_users_list_order = :id
-      @scim_users_model = "User"
+      @scim_users_model = 'User'
       @scim_groups_list_order = :id
-      @scim_groups_model = "Group"
+      @scim_groups_model = 'Group'
       @signing_algorithm = ALGO_NONE
       @user_schema = {}
       @user_attributes = []
       @user_abbreviated_schema = {}
       @group_schema = {}
       @group_abbreviated_schema = {}
+      @schemas = []
     end
 
     def mutable_user_attributes_schema

data/lib/scimaenaga/encoder.rb

@@ -0,0 +1,27 @@
+require 'jwt'
+
+module Scimaenaga
+  module Encoder
+    extend self
+
+    def encode(company)
+      payload = {
+        iat: Time.current.to_i,
+        Scimaenaga.config.basic_auth_model_searchable_attribute =>
+          company.public_send(Scimaenaga.config.basic_auth_model_searchable_attribute),
+      }
+
+      JWT.encode(payload, Scimaenaga.config.signing_secret,
+                 Scimaenaga.config.signing_algorithm)
+    end
+
+    def decode(token)
+      verify = Scimaenaga.config.signing_algorithm != Scimaenaga::Config::ALGO_NONE
+
+      JWT.decode(token, Scimaenaga.config.signing_secret, verify,
+                 algorithm: Scimaenaga.config.signing_algorithm).first
+    rescue JWT::VerificationError, JWT::DecodeError
+      raise Scimaenaga::ExceptionHandler::InvalidCredentials
+    end
+  end
+end

data/lib/scimaenaga/engine.rb

@@ -0,0 +1,12 @@
+module Scimaenaga
+  class Engine < ::Rails::Engine
+    isolate_namespace Scimaenaga
+
+    config.generators do |g|
+      g.test_framework :rspec, fixture: false
+      g.fixture_replacement :factory_bot, dir: 'spec/factories'
+      g.assets false
+      g.helper false
+    end
+  end
+end

data/lib/scimaenaga/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Scimaenaga
+  VERSION = '0.9.1'
+end

data/lib/scimaenaga.rb

@@ -0,0 +1,6 @@
+require 'scimaenaga/engine'
+require 'scimaenaga/config'
+require 'scimaenaga/encoder'
+
+module Scimaenaga
+end

data/lib/tasks/{scim_rails_tasks.rake → scimaenaga_tasks.rake}

@@ -1,4 +1,4 @@
 # desc "Explaining what the task does"
-# task :scim_rails do
+# task :scimaenaga do
 #   # Task goes here
 # end

data/spec/controllers/{scim_rails → scimaenaga}/scim_groups_controller_spec.rb

@@ -2,10 +2,10 @@
 
 require 'spec_helper'
 
-RSpec.describe ScimRails::ScimGroupsController, type: :controller do
+RSpec.describe Scimaenaga::ScimGroupsController, type: :controller do
   include AuthHelper
 
-  routes { ScimRails::Engine.routes }
+  routes { Scimaenaga::Engine.routes }
 
   describe 'index' do
     let(:company) { create(:company) }
@@ -86,7 +86,7 @@ RSpec.describe ScimRails::ScimGroupsController, type: :controller do
       end
 
       it 'paginates results by configurable scim_groups_list_order' do
-        allow(ScimRails.config).to(
+        allow(Scimaenaga.config).to(
           receive(:scim_groups_list_order).and_return(created_at: :desc)
         )
 
@@ -417,8 +417,8 @@ RSpec.describe ScimRails::ScimGroupsController, type: :controller do
             Operations: [{
               op: 'Replace',
               path: 'displayName',
-              value: 'changed'
-            }]
+              value: 'changed',
+            }],
           }, as: :json
         end.to change { group.reload.name }.to('changed')
 
@@ -543,7 +543,7 @@ RSpec.describe ScimRails::ScimGroupsController, type: :controller do
 
       context 'when Group destroy method is not configured' do
         it 'does not delete Group' do
-          allow(ScimRails.config).to(
+          allow(Scimaenaga.config).to(
             receive(:group_destroy_method).and_return(nil)
           )
 
@@ -557,7 +557,7 @@ RSpec.describe ScimRails::ScimGroupsController, type: :controller do
 
       context 'when Group destroy method is invalid' do
         it 'does not delete Group' do
-          allow(ScimRails.config).to(
+          allow(Scimaenaga.config).to(
             receive(:group_destroy_method).and_return('destory!')
           )
 
@@ -572,7 +572,7 @@ RSpec.describe ScimRails::ScimGroupsController, type: :controller do
       context 'whenr target Group is not found' do
         it 'return 404 not found' do
           expect do
-            delete :destroy, params: { id: 999999 }, as: :json
+            delete :destroy, params: { id: 999_999 }, as: :json
           end.not_to change { company.groups.reload.count }.from(1)
 
           expect(response.status).to eq 404

data/spec/controllers/{scim_rails → scimaenaga}/scim_groups_request_spec.rb

@@ -1,42 +1,42 @@
 # frozen_string_literal: true
 
-require "spec_helper"
+require 'spec_helper'
 
-RSpec.describe ScimRails::ScimGroupsController, type: :request do
+RSpec.describe Scimaenaga::ScimGroupsController, type: :request do
   let(:company) { create(:company) }
   let(:credentials) do
     Base64.encode64("#{company.subdomain}:#{company.api_token}")
   end
   let(:authorization) { "Basic #{credentials}" }
 
-  def post_request(content_type = "application/scim+json")
-    post "/scim/v2/Groups",
+  def post_request(content_type = 'application/scim+json')
+    post '/scim/v2/Groups',
          params: {
-           displayName: "Dummy Group",
-           members: []
+           displayName: 'Dummy Group',
+           members: [],
          }.to_json,
          headers: {
            Authorization: authorization,
-           'Content-Type': content_type
+           'Content-Type': content_type,
          }
   end
 
-  describe "Content-Type" do
-    it "accepts scim+json" do
+  describe 'Content-Type' do
+    it 'accepts scim+json' do
       expect(company.groups.count).to eq 0
 
-      post_request("application/scim+json")
+      post_request('application/scim+json')
 
       expect(request.params).to include :displayName
       expect(response.status).to eq 201
-      expect(response.media_type).to eq "application/scim+json"
+      expect(response.media_type).to eq 'application/scim+json'
       expect(company.groups.count).to eq 1
     end
 
-    it "can not parse unfamiliar content types" do
+    it 'can not parse unfamiliar content types' do
       expect(company.groups.count).to eq 0
 
-      post_request("text/csv")
+      post_request('text/csv')
 
       expect(request.params).not_to include :displayName
       expect(response.status).to eq 422
@@ -44,21 +44,21 @@ RSpec.describe ScimRails::ScimGroupsController, type: :request do
     end
   end
 
-  context "OAuth Bearer Authorization" do
-    context "with valid token" do
+  context 'OAuth Bearer Authorization' do
+    context 'with valid token' do
       let(:authorization) { "Bearer #{company.api_token}" }
 
-      it "supports OAuth bearer authorization and succeeds" do
+      it 'supports OAuth bearer authorization and succeeds' do
         expect { post_request }.to change(company.groups, :count).from(0).to(1)
 
         expect(response.status).to eq 201
       end
     end
 
-    context "with invalid token" do
+    context 'with invalid token' do
       let(:authorization) { "Bearer #{SecureRandom.hex}" }
 
-      it "The request fails" do
+      it 'The request fails' do
         expect { post_request }.not_to change(company.groups, :count)
 
         expect(response.status).to eq 401