scimaenaga 0.9.0 → 0.9.1

data/app/libraries/scim_patch_operation_group.rb

@@ -61,7 +61,7 @@ class ScimPatchOperationGroup < ScimPatchOperation
     end
 
     def member_relation_attribute
-      ScimRails.config.group_member_relation_attribute
+      Scimaenaga.config.group_member_relation_attribute
     end
 
     def validate(_op, _path, _value)
@@ -87,14 +87,14 @@ class ScimPatchOperationGroup < ScimPatchOperation
       #   rest_path: []
       # }
       if path_scim[:attribute] == 'members'
-        return ScimRails.config.group_member_relation_attribute
+        return Scimaenaga.config.group_member_relation_attribute
       end
 
       dig_keys = [path_scim[:attribute].to_sym]
       dig_keys.concat(path_scim[:rest_path].map(&:to_sym))
 
       # *dig_keys example: displayName
-      ScimRails.config.mutable_group_attributes_schema.dig(*dig_keys)
+      Scimaenaga.config.mutable_group_attributes_schema.dig(*dig_keys)
     end
 
 end

data/app/libraries/scim_patch_operation_user.rb

@@ -15,7 +15,7 @@ class ScimPatchOperationUser < ScimPatchOperation
 
     def validate(_op, _path, value)
       if value.instance_of? Array
-        raise ScimRails::ExceptionHandler::UnsupportedPatchRequest
+        raise Scimaenaga::ExceptionHandler::UnsupportedPatchRequest
       end
 
       return
@@ -47,7 +47,7 @@ class ScimPatchOperationUser < ScimPatchOperation
       dig_keys.concat(path_scim[:rest_path].map(&:to_sym))
 
       # *dig_keys example: emails, 0, value
-      ScimRails.config.mutable_user_attributes_schema.dig(*dig_keys)
+      Scimaenaga.config.mutable_user_attributes_schema.dig(*dig_keys)
     end
 
 end

data/app/models/{scim_rails → scimaenaga}/application_record.rb

@@ -1,4 +1,4 @@
-module ScimRails
+module Scimaenaga
   class ApplicationRecord < ActiveRecord::Base
     self.abstract_class = true
   end

data/app/models/scimaenaga/authorize_api_request.rb

@@ -0,0 +1,39 @@
+module Scimaenaga
+  class AuthorizeApiRequest
+
+    def initialize(searchable_attribute:, authentication_attribute:)
+      @searchable_attribute = searchable_attribute
+      @authentication_attribute = authentication_attribute
+
+      if searchable_attribute.blank? || authentication_attribute.blank?
+        raise Scimaenaga::ExceptionHandler::InvalidCredentials
+      end
+
+      @search_parameter = { Scimaenaga.config.basic_auth_model_searchable_attribute => @searchable_attribute }
+    end
+
+    def company
+      company = find_company
+      authorize(company)
+      company
+    end
+
+    private
+
+      attr_reader :authentication_attribute, :search_parameter, :searchable_attribute
+
+      def find_company
+        @company ||= Scimaenaga.config.basic_auth_model.find_by!(search_parameter)
+      rescue ActiveRecord::RecordNotFound
+        raise Scimaenaga::ExceptionHandler::InvalidCredentials
+      end
+
+      def authorize(authentication_model)
+        authorized = ActiveSupport::SecurityUtils.secure_compare(
+          authentication_model.public_send(Scimaenaga.config.basic_auth_model_authenticatable_attribute),
+          authentication_attribute
+        )
+        raise Scimaenaga::ExceptionHandler::InvalidCredentials unless authorized
+      end
+  end
+end

data/app/models/{scim_rails → scimaenaga}/scim_count.rb

@@ -1,4 +1,4 @@
-module ScimRails
+module Scimaenaga
   class ScimCount
     include ActiveModel::Model
 
@@ -10,17 +10,21 @@ module ScimRails
 
     def limit
       return 100 if @limit.blank?
+
       validate_numericality(@limit)
       input = @limit.to_i
       raise if input < 1
+
       input
     end
 
     def start_index
       return 1 if @start_index.blank?
+
       validate_numericality(@start_index)
       input = @start_index.to_i
       return 1 if input < 1
+
       input
     end
 
@@ -30,9 +34,9 @@ module ScimRails
 
     private
 
-    def validate_numericality(input)
-      raise unless input.match?(/\A\d+\z/)
-    end
+      def validate_numericality(input)
+        raise unless input.match?(/\A\d+\z/)
+      end
 
   end
 end

data/app/models/scimaenaga/scim_query_parser.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module Scimaenaga
+  class ScimQueryParser
+    attr_accessor :query_elements, :query_attributes
+
+    def initialize(query_string, queryable_attributes)
+      self.query_elements = query_string.gsub(/\[(.+?)\]/, '.0').split
+      self.query_attributes = queryable_attributes
+    end
+
+    def attribute
+      attribute = query_elements[0]
+      raise Scimaenaga::ExceptionHandler::InvalidQuery if attribute.blank?
+
+      dig_keys = attribute.split('.').map do |step|
+        step == '0' ? 0 : step.to_sym
+      end
+
+      mapped_attribute = query_attributes.dig(*dig_keys)
+      raise Scimaenaga::ExceptionHandler::InvalidQuery if mapped_attribute.blank?
+
+      mapped_attribute
+    end
+
+    def operator
+      sql_comparison_operator(query_elements[1])
+    end
+
+    def parameter
+      parameter = query_elements[2..-1].join(' ')
+      return if parameter.blank?
+
+      parameter.gsub(/"/, '')
+    end
+
+    private
+
+      def sql_comparison_operator(element)
+        case element
+        when 'eq'
+          '='
+        else
+          # TODO: implement additional query filters
+          raise Scimaenaga::ExceptionHandler::InvalidQuery
+        end
+      end
+  end
+end

data/config/routes.rb

@@ -1,4 +1,4 @@
-ScimRails::Engine.routes.draw do
+Scimaenaga::Engine.routes.draw do
   get    'scim/v2/Users',       action: :index,         controller: 'scim_users'
   post   'scim/v2/Users',       action: :create,        controller: 'scim_users'
   get    'scim/v2/Users/:id',   action: :show,          controller: 'scim_users'

data/lib/generators/scimaenaga/USAGE

@@ -0,0 +1,8 @@
+Description:
+    Generates the scimaenaga initializer.
+
+Example:
+    rails generate scimaenaga config
+
+    This will create:
+        config/initializers/scimaenaga_config.rb

data/lib/generators/scimaenaga/scimaenaga_generator.rb

@@ -0,0 +1,7 @@
+class ScimaenagaGenerator < Rails::Generators::NamedBase
+  source_root File.expand_path('templates', __dir__)
+
+  def copy_initializer_file
+    copy_file 'initializer.rb', 'config/initializers/scimaenaga_config.rb'
+  end
+end

data/lib/generators/{scim_rails → scimaenaga}/templates/initializer.rb

@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
-ScimRails.configure do |config|
+Scimaenaga.configure do |config|
   # Model used for authenticating and scoping users.
-  config.basic_auth_model = "Company"
+  config.basic_auth_model = 'Company'
 
   # Attribute used to search for a given record. This
   # attribute should be unique as it will return the
@@ -14,7 +14,7 @@ ScimRails.configure do |config|
   config.basic_auth_model_authenticatable_attribute = :api_token
 
   # Model used for user records.
-  config.scim_users_model = "User"
+  config.scim_users_model = 'User'
 
   # Method used for retrieving user records from the
   # authenticatable model.
@@ -25,7 +25,7 @@ ScimRails.configure do |config|
   config.scim_user_prevent_update_on_create = false
 
   # Model used for group records.
-  config.scim_groups_model = "Group"
+  config.scim_groups_model = 'Group'
   # Method used for retrieving user records from the
   # authenticatable model.
   config.scim_groups_scope = :groups
@@ -56,16 +56,16 @@ ScimRails.configure do |config|
     userName: :email,
     givenName: :first_name,
     familyName: :last_name,
-    email: :email
+    email: :email,
   }
 
   # Array of attributes that can be modified on the
   # user model. If the attribute is not in this array
   # the attribute cannot be modified by this Gem.
-  config.mutable_user_attributes = [
-    :first_name,
-    :last_name,
-    :email
+  config.mutable_user_attributes = %i[
+    first_name
+    last_name
+    email
   ]
 
   # Hash of mutable attributes. This object is the map
@@ -76,13 +76,13 @@ ScimRails.configure do |config|
   config.mutable_user_attributes_schema = {
     name: {
       givenName: :first_name,
-      familyName: :last_name
+      familyName: :last_name,
     },
     emails: [
       {
-        value: :email
+        value: :email,
       }
-    ]
+    ],
   }
 
   # Hash of SCIM structure for a user schema. This object
@@ -93,31 +93,31 @@ ScimRails.configure do |config|
   # through as is, symbols will be passed to the user
   # object to return a value.
   config.user_schema = {
-    schemas: ["urn:ietf:params:scim:schemas:core:2.0:User"],
+    schemas: ['urn:ietf:params:scim:schemas:core:2.0:User'],
     id: :id,
     userName: :email,
     name: {
       givenName: :first_name,
-      familyName: :last_name
+      familyName: :last_name,
     },
     emails: [
       {
-        value: :email
+        value: :email,
       }
     ],
-    active: :active?
+    active: :active?,
   }
 
   # Schema for users used in "abbreviated" lists such as in
   # the `members` field of a Group.
   config.user_abbreviated_schema = {
     value: :id,
-    display: :email
+    display: :email,
   }
 
   # Allow filtering Groups based on these parameters
   config.queryable_group_attributes = {
-    displayName: :name
+    displayName: :name,
   }
 
   # List of attributes on a Group that can be updated through SCIM
@@ -131,7 +131,7 @@ ScimRails.configure do |config|
   # include all attributes listed in
   # config.mutable_group_attributes.
   config.mutable_group_attributes_schema = {
-    displayName: :name
+    displayName: :name,
   }
 
   # The User relation's IDs field name on the Group model.
@@ -143,15 +143,15 @@ ScimRails.configure do |config|
   config.group_member_relation_schema = { value: :user_ids }
 
   config.group_schema = {
-    schemas: ["urn:ietf:params:scim:schemas:core:2.0:Group"],
+    schemas: ['urn:ietf:params:scim:schemas:core:2.0:Group'],
     id: :id,
     displayName: :name,
-    members: :users
+    members: :users,
   }
 
   config.group_abbreviated_schema = {
     value: :id,
-    display: :name
+    display: :name,
   }
 
   # Set group_destroy_method to a method on the Group model

data/lib/{scim_rails → scimaenaga}/config.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-module ScimRails
+module Scimaenaga
   class << self
     def configure
       yield config
@@ -11,7 +11,7 @@ module ScimRails
     end
   end
 
-  # Class containing configuration of ScimRails
+  # Class containing configuration of Scimaenaga
   class Config
     ALGO_NONE = 'none'
 

data/lib/scimaenaga/encoder.rb

@@ -0,0 +1,27 @@
+require 'jwt'
+
+module Scimaenaga
+  module Encoder
+    extend self
+
+    def encode(company)
+      payload = {
+        iat: Time.current.to_i,
+        Scimaenaga.config.basic_auth_model_searchable_attribute =>
+          company.public_send(Scimaenaga.config.basic_auth_model_searchable_attribute),
+      }
+
+      JWT.encode(payload, Scimaenaga.config.signing_secret,
+                 Scimaenaga.config.signing_algorithm)
+    end
+
+    def decode(token)
+      verify = Scimaenaga.config.signing_algorithm != Scimaenaga::Config::ALGO_NONE
+
+      JWT.decode(token, Scimaenaga.config.signing_secret, verify,
+                 algorithm: Scimaenaga.config.signing_algorithm).first
+    rescue JWT::VerificationError, JWT::DecodeError
+      raise Scimaenaga::ExceptionHandler::InvalidCredentials
+    end
+  end
+end

data/lib/scimaenaga/engine.rb

@@ -0,0 +1,12 @@
+module Scimaenaga
+  class Engine < ::Rails::Engine
+    isolate_namespace Scimaenaga
+
+    config.generators do |g|
+      g.test_framework :rspec, fixture: false
+      g.fixture_replacement :factory_bot, dir: 'spec/factories'
+      g.assets false
+      g.helper false
+    end
+  end
+end

data/lib/scimaenaga/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Scimaenaga
+  VERSION = '0.9.1'
+end

data/lib/scimaenaga.rb

@@ -0,0 +1,6 @@
+require 'scimaenaga/engine'
+require 'scimaenaga/config'
+require 'scimaenaga/encoder'
+
+module Scimaenaga
+end

data/lib/tasks/{scim_rails_tasks.rake → scimaenaga_tasks.rake}

@@ -1,4 +1,4 @@
 # desc "Explaining what the task does"
-# task :scim_rails do
+# task :scimaenaga do
 #   # Task goes here
 # end

data/spec/controllers/{scim_rails → scimaenaga}/scim_groups_controller_spec.rb

@@ -2,10 +2,10 @@
 
 require 'spec_helper'
 
-RSpec.describe ScimRails::ScimGroupsController, type: :controller do
+RSpec.describe Scimaenaga::ScimGroupsController, type: :controller do
   include AuthHelper
 
-  routes { ScimRails::Engine.routes }
+  routes { Scimaenaga::Engine.routes }
 
   describe 'index' do
     let(:company) { create(:company) }
@@ -86,7 +86,7 @@ RSpec.describe ScimRails::ScimGroupsController, type: :controller do
       end
 
       it 'paginates results by configurable scim_groups_list_order' do
-        allow(ScimRails.config).to(
+        allow(Scimaenaga.config).to(
           receive(:scim_groups_list_order).and_return(created_at: :desc)
         )
 
@@ -417,8 +417,8 @@ RSpec.describe ScimRails::ScimGroupsController, type: :controller do
             Operations: [{
               op: 'Replace',
               path: 'displayName',
-              value: 'changed'
-            }]
+              value: 'changed',
+            }],
           }, as: :json
         end.to change { group.reload.name }.to('changed')
 
@@ -543,7 +543,7 @@ RSpec.describe ScimRails::ScimGroupsController, type: :controller do
 
       context 'when Group destroy method is not configured' do
         it 'does not delete Group' do
-          allow(ScimRails.config).to(
+          allow(Scimaenaga.config).to(
             receive(:group_destroy_method).and_return(nil)
           )
 
@@ -557,7 +557,7 @@ RSpec.describe ScimRails::ScimGroupsController, type: :controller do
 
       context 'when Group destroy method is invalid' do
         it 'does not delete Group' do
-          allow(ScimRails.config).to(
+          allow(Scimaenaga.config).to(
             receive(:group_destroy_method).and_return('destory!')
           )
 
@@ -572,7 +572,7 @@ RSpec.describe ScimRails::ScimGroupsController, type: :controller do
       context 'whenr target Group is not found' do
         it 'return 404 not found' do
           expect do
-            delete :destroy, params: { id: 999999 }, as: :json
+            delete :destroy, params: { id: 999_999 }, as: :json
           end.not_to change { company.groups.reload.count }.from(1)
 
           expect(response.status).to eq 404

data/spec/controllers/{scim_rails → scimaenaga}/scim_groups_request_spec.rb

@@ -1,42 +1,42 @@
 # frozen_string_literal: true
 
-require "spec_helper"
+require 'spec_helper'
 
-RSpec.describe ScimRails::ScimGroupsController, type: :request do
+RSpec.describe Scimaenaga::ScimGroupsController, type: :request do
   let(:company) { create(:company) }
   let(:credentials) do
     Base64.encode64("#{company.subdomain}:#{company.api_token}")
   end
   let(:authorization) { "Basic #{credentials}" }
 
-  def post_request(content_type = "application/scim+json")
-    post "/scim/v2/Groups",
+  def post_request(content_type = 'application/scim+json')
+    post '/scim/v2/Groups',
          params: {
-           displayName: "Dummy Group",
-           members: []
+           displayName: 'Dummy Group',
+           members: [],
          }.to_json,
          headers: {
            Authorization: authorization,
-           'Content-Type': content_type
+           'Content-Type': content_type,
          }
   end
 
-  describe "Content-Type" do
-    it "accepts scim+json" do
+  describe 'Content-Type' do
+    it 'accepts scim+json' do
       expect(company.groups.count).to eq 0
 
-      post_request("application/scim+json")
+      post_request('application/scim+json')
 
       expect(request.params).to include :displayName
       expect(response.status).to eq 201
-      expect(response.media_type).to eq "application/scim+json"
+      expect(response.media_type).to eq 'application/scim+json'
       expect(company.groups.count).to eq 1
     end
 
-    it "can not parse unfamiliar content types" do
+    it 'can not parse unfamiliar content types' do
       expect(company.groups.count).to eq 0
 
-      post_request("text/csv")
+      post_request('text/csv')
 
       expect(request.params).not_to include :displayName
       expect(response.status).to eq 422
@@ -44,21 +44,21 @@ RSpec.describe ScimRails::ScimGroupsController, type: :request do
     end
   end
 
-  context "OAuth Bearer Authorization" do
-    context "with valid token" do
+  context 'OAuth Bearer Authorization' do
+    context 'with valid token' do
       let(:authorization) { "Bearer #{company.api_token}" }
 
-      it "supports OAuth bearer authorization and succeeds" do
+      it 'supports OAuth bearer authorization and succeeds' do
         expect { post_request }.to change(company.groups, :count).from(0).to(1)
 
         expect(response.status).to eq 201
       end
     end
 
-    context "with invalid token" do
+    context 'with invalid token' do
       let(:authorization) { "Bearer #{SecureRandom.hex}" }
 
-      it "The request fails" do
+      it 'The request fails' do
         expect { post_request }.not_to change(company.groups, :count)
 
         expect(response.status).to eq 401

data/spec/controllers/{scim_rails → scimaenaga}/scim_schemas_controller_spec.rb

@@ -2,10 +2,10 @@
 
 require 'spec_helper'
 
-RSpec.describe ScimRails::ScimSchemasController, type: :controller do
+RSpec.describe Scimaenaga::ScimSchemasController, type: :controller do
   include AuthHelper
 
-  routes { ScimRails::Engine.routes }
+  routes { Scimaenaga::Engine.routes }
 
   let(:schemas) do
     [
@@ -146,7 +146,7 @@ RSpec.describe ScimRails::ScimSchemasController, type: :controller do
       end
 
       it 'returns all results' do
-        allow(ScimRails.config).to(receive(:schemas).and_return(schemas))
+        allow(Scimaenaga.config).to(receive(:schemas).and_return(schemas))
         get :index, as: :json
         response_body = JSON.parse(response.body)
         expect(response_body.dig('schemas', 0)).to(
@@ -156,7 +156,7 @@ RSpec.describe ScimRails::ScimSchemasController, type: :controller do
       end
 
       it 'defaults to 100 results' do
-        allow(ScimRails.config).to(receive(:schemas).and_return(schemas_110))
+        allow(Scimaenaga.config).to(receive(:schemas).and_return(schemas_110))
 
         get :index, as: :json
         response_body = JSON.parse(response.body)
@@ -166,7 +166,7 @@ RSpec.describe ScimRails::ScimSchemasController, type: :controller do
       end
 
       it 'paginates results' do
-        allow(ScimRails.config).to(receive(:schemas).and_return(schemas_110))
+        allow(Scimaenaga.config).to(receive(:schemas).and_return(schemas_110))
         get :index, params: {
           startIndex: 101,
           count: 5,
@@ -213,14 +213,14 @@ RSpec.describe ScimRails::ScimSchemasController, type: :controller do
       end
 
       it 'returns scim+json content type' do
-        allow(ScimRails.config).to(receive(:schemas).and_return(schemas))
+        allow(Scimaenaga.config).to(receive(:schemas).and_return(schemas))
         get :show, params: { id: 'urn:ietf:params:scim:schemas:core:2.0:User' }, as: :json
 
         expect(response.media_type).to eq 'application/scim+json'
       end
 
       it 'is successful with valid credentials' do
-        allow(ScimRails.config).to(receive(:schemas).and_return(schemas))
+        allow(Scimaenaga.config).to(receive(:schemas).and_return(schemas))
         get :show, params: { id: 'urn:ietf:params:scim:schemas:core:2.0:User' }, as: :json
 
         response_body = JSON.parse(response.body)

data/spec/controllers/{scim_rails → scimaenaga}/scim_schemas_request_spec.rb

@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-RSpec.describe ScimRails::ScimSchemasController, type: :request do
+RSpec.describe Scimaenaga::ScimSchemasController, type: :request do
   let(:company) { create(:company) }
   let(:credentials) do
     Base64.encode64("#{company.subdomain}:#{company.api_token}")