scimaenaga 0.9.0 → 0.9.1

data/app/controllers/concerns/scim_rails/response.rb

@@ -1,94 +0,0 @@
-# frozen_string_literal: true
-
-module ScimRails
-  module Response
-    CONTENT_TYPE = "application/scim+json"
-
-    def json_response(object, status = :ok)
-      render \
-        json: object,
-        status: status,
-        content_type: CONTENT_TYPE
-    end
-
-    def json_scim_response(object:, status: :ok, counts: nil)
-      case params[:action]
-      when "index"
-        render \
-          json: list_response(object, counts),
-          status: status,
-          content_type: CONTENT_TYPE
-      when "show", "create", "put_update", "patch_update"
-        render \
-          json: object_response(object),
-          status: status,
-          content_type: CONTENT_TYPE
-      end
-    end
-
-    private
-
-    def list_response(object, counts)
-      object = object
-        .order(:id)
-        .offset(counts.offset)
-        .limit(counts.limit)
-      {
-        schemas: [
-          "urn:ietf:params:scim:api:messages:2.0:ListResponse"
-        ],
-        totalResults: counts.total,
-        startIndex: counts.start_index,
-        itemsPerPage: counts.limit,
-        Resources: list_objects(object)
-      }
-    end
-
-    def list_objects(objects)
-      objects.map do |object|
-        object_response(object)
-      end
-    end
-
-    def object_response(object)
-      schema = case object
-               when ScimRails.config.scim_users_model
-                 ScimRails.config.user_schema
-               when ScimRails.config.scim_groups_model
-                 ScimRails.config.group_schema
-               else
-                 raise ScimRails::ExceptionHandler::InvalidQuery,
-                       "Unknown model: #{object}"
-               end
-      find_value(object, schema)
-    end
-
-    # `find_value` is a recursive method that takes a "user" and a
-    # "user schema" and replaces any symbols in the schema with the
-    # corresponding value from the user. Given a schema with symbols,
-    # `find_value` will search through the object for the symbols,
-    # send those symbols to the model, and replace the symbol with
-    # the return value.
-
-    def find_value(object, schema)
-      case schema
-      when Hash
-        schema.each.with_object({}) do |(key, value), hash|
-          hash[key] = find_value(object, value)
-        end
-      when Array, ActiveRecord::Associations::CollectionProxy
-        schema.map do |value|
-          find_value(object, value)
-        end
-      when ScimRails.config.scim_users_model
-        find_value(schema, ScimRails.config.user_abbreviated_schema)
-      when ScimRails.config.scim_groups_model
-        find_value(schema, ScimRails.config.group_abbreviated_schema)
-      when Symbol
-        find_value(object, object.public_send(schema))
-      else
-        schema
-      end
-    end
-  end
-end

data/app/controllers/scim_rails/application_controller.rb

@@ -1,72 +0,0 @@
-# frozen_string_literal: true
-
-module ScimRails
-  class ApplicationController < ActionController::API
-    include ActionController::HttpAuthentication::Basic::ControllerMethods
-    include ExceptionHandler
-    include Response
-
-    before_action :authorize_request
-
-    private
-
-    def authorize_request
-      send(authentication_strategy) do |searchable_attribute, authentication_attribute|
-        authorization = AuthorizeApiRequest.new(
-          searchable_attribute: searchable_attribute,
-          authentication_attribute: authentication_attribute
-        )
-        @company = authorization.company
-      end
-      raise ScimRails::ExceptionHandler::InvalidCredentials if @company.blank?
-    end
-
-    def authentication_strategy
-      if request.headers["Authorization"]&.include?("Bearer")
-        :authenticate_with_oauth_bearer
-      else
-        :authenticate_with_http_basic
-      end
-    end
-
-    def authenticate_with_oauth_bearer
-      authentication_attribute = request.headers["Authorization"].split.last
-      payload = ScimRails::Encoder.decode(authentication_attribute).with_indifferent_access
-      searchable_attribute = payload[ScimRails.config.basic_auth_model_searchable_attribute]
-
-      yield searchable_attribute, authentication_attribute
-    end
-
-    def find_value_for(attribute)
-      params.dig(*path_for(attribute))
-    end
-
-    # `path_for` is a recursive method used to find the "path" for
-    # `.dig` to take when looking for a given attribute in the
-    # params.
-    #
-    # Example: `path_for(:name)` should return an array that looks
-    # like [:names, 0, :givenName]. `.dig` can then use that path
-    # against the params to translate the :name attribute to "John".
-
-    def path_for(attribute, object = controller_schema, path = [])
-      at_path = path.empty? ? object : object.dig(*path)
-      return path if at_path == attribute
-
-      case at_path
-      when Hash
-        at_path.each do |key, _value|
-          found_path = path_for(attribute, object, [*path, key])
-          return found_path if found_path
-        end
-        nil
-      when Array
-        at_path.each_with_index do |_value, index|
-          found_path = path_for(attribute, object, [*path, index])
-          return found_path if found_path
-        end
-        nil
-      end
-    end
-  end
-end

data/app/controllers/scim_rails/scim_users_controller.rb

@@ -1,104 +0,0 @@
-# frozen_string_literal: true
-
-module ScimRails
-  class ScimUsersController < ScimRails::ApplicationController
-
-    def index
-      if params[:filter].present?
-        query = ScimRails::ScimQueryParser.new(
-          params[:filter], ScimRails.config.queryable_user_attributes
-        )
-
-        users = @company
-                .public_send(ScimRails.config.scim_users_scope)
-                .where(
-                  "#{ScimRails.config.scim_users_model
-              .connection.quote_column_name(query.attribute)} #{query.operator} ?",
-                  query.parameter
-                )
-                .order(ScimRails.config.scim_users_list_order)
-      else
-        users = @company
-                .public_send(ScimRails.config.scim_users_scope)
-                .order(ScimRails.config.scim_users_list_order)
-      end
-
-      counts = ScimCount.new(
-        start_index: params[:startIndex],
-        limit: params[:count],
-        total: users.count
-      )
-
-      json_scim_response(object: users, counts: counts)
-    end
-
-    def create
-      if ScimRails.config.scim_user_prevent_update_on_create
-        user = @company
-               .public_send(ScimRails.config.scim_users_scope)
-               .create!(permitted_user_params)
-      else
-        username_key = ScimRails.config.queryable_user_attributes[:userName]
-        find_by_username = {}
-        find_by_username[username_key] = permitted_user_params[username_key]
-        user = @company
-               .public_send(ScimRails.config.scim_users_scope)
-               .find_or_create_by(find_by_username)
-        user.update!(permitted_user_params)
-      end
-      json_scim_response(object: user, status: :created)
-    end
-
-    def show
-      user = @company.public_send(ScimRails.config.scim_users_scope).find(params[:id])
-      json_scim_response(object: user)
-    end
-
-    def put_update
-      user = @company.public_send(ScimRails.config.scim_users_scope).find(params[:id])
-      user.update!(permitted_user_params)
-      json_scim_response(object: user)
-    end
-
-    def patch_update
-      user = @company.public_send(ScimRails.config.scim_users_scope).find(params[:id])
-      patch = ScimPatch.new(params, :user)
-      patch.save(user)
-
-      json_scim_response(object: user)
-    end
-
-    def destroy
-      unless ScimRails.config.user_destroy_method
-        raise ScimRails::ExceptionHandler::InvalidConfiguration
-      end
-
-      user = @company.public_send(ScimRails.config.scim_users_scope).find(params[:id])
-      raise ActiveRecord::RecordNotFound unless user
-
-      begin
-        user.public_send(ScimRails.config.user_destroy_method)
-      rescue NoMethodError => e
-        raise ScimRails::ExceptionHandler::InvalidConfiguration, e.message
-      rescue ActiveRecord::RecordNotDestroyed => e
-        raise ScimRails::ExceptionHandler::InvalidRequest, e.message
-      rescue => e
-        raise ScimRails::ExceptionHandler::UnexpectedError, e.message
-      end
-
-      head :no_content
-    end
-
-    private
-
-      def permitted_user_params
-        ScimRails.config.mutable_user_attributes.each.with_object({}) do |attribute, hash|
-          hash[attribute] = find_value_for(attribute)
-        end
-      end
-
-      def controller_schema
-        ScimRails.config.mutable_user_attributes_schema
-      end
-  end
-end

data/app/models/scim_rails/authorize_api_request.rb

@@ -1,40 +0,0 @@
-module ScimRails
-  class AuthorizeApiRequest
-
-    def initialize(searchable_attribute:, authentication_attribute:)
-      @searchable_attribute = searchable_attribute
-      @authentication_attribute = authentication_attribute
-
-      raise ScimRails::ExceptionHandler::InvalidCredentials if searchable_attribute.blank? || authentication_attribute.blank?
-
-      @search_parameter = { ScimRails.config.basic_auth_model_searchable_attribute => @searchable_attribute }
-    end
-
-    def company
-      company = find_company
-      authorize(company)
-      company
-    end
-
-    private
-
-    attr_reader :authentication_attribute
-    attr_reader :search_parameter
-    attr_reader :searchable_attribute
-
-    def find_company
-      @company ||= ScimRails.config.basic_auth_model.find_by!(search_parameter)
-
-    rescue ActiveRecord::RecordNotFound
-      raise ScimRails::ExceptionHandler::InvalidCredentials
-    end
-
-    def authorize(authentication_model)
-      authorized = ActiveSupport::SecurityUtils.secure_compare(
-        authentication_model.public_send(ScimRails.config.basic_auth_model_authenticatable_attribute),
-        authentication_attribute
-      )
-      raise ScimRails::ExceptionHandler::InvalidCredentials unless authorized
-    end
-  end
-end

data/app/models/scim_rails/scim_query_parser.rb

@@ -1,49 +0,0 @@
-# frozen_string_literal: true
-
-module ScimRails
-  class ScimQueryParser
-    attr_accessor :query_elements, :query_attributes
-
-    def initialize(query_string, queryable_attributes)
-      self.query_elements = query_string.gsub(/\[(.+?)\]/, ".0").split
-      self.query_attributes = queryable_attributes
-    end
-
-    def attribute
-      attribute = query_elements[0]
-      raise ScimRails::ExceptionHandler::InvalidQuery if attribute.blank?
-
-      dig_keys = attribute.split(".").map do |step|
-        step == "0" ? 0 : step.to_sym
-      end
-
-      mapped_attribute = query_attributes.dig(*dig_keys)
-      raise ScimRails::ExceptionHandler::InvalidQuery if mapped_attribute.blank?
-
-      mapped_attribute
-    end
-
-    def operator
-      sql_comparison_operator(query_elements[1])
-    end
-
-    def parameter
-      parameter = query_elements[2..-1].join(" ")
-      return if parameter.blank?
-
-      parameter.gsub(/"/, "")
-    end
-
-    private
-
-    def sql_comparison_operator(element)
-      case element
-      when "eq"
-        "="
-      else
-        # TODO: implement additional query filters
-        raise ScimRails::ExceptionHandler::InvalidQuery
-      end
-    end
-  end
-end

data/lib/generators/scim_rails/USAGE

@@ -1,8 +0,0 @@
-Description:
-    Generates the scim_rails initializer.
-
-Example:
-    rails generate scim_rails config
-
-    This will create:
-        config/initializers/scim_rails_config.rb

data/lib/generators/scim_rails/scim_rails_generator.rb

@@ -1,7 +0,0 @@
-class ScimRailsGenerator < Rails::Generators::NamedBase
-  source_root File.expand_path('../templates', __FILE__)
-
-  def copy_initializer_file
-    copy_file "initializer.rb", "config/initializers/scim_rails_config.rb"
-  end
-end

data/lib/scim_rails/encoder.rb

@@ -1,25 +0,0 @@
-require "jwt"
-
-module ScimRails
-  module Encoder
-    extend self
-
-    def encode(company)
-      payload = {
-        iat: Time.current.to_i,
-        ScimRails.config.basic_auth_model_searchable_attribute =>
-          company.public_send(ScimRails.config.basic_auth_model_searchable_attribute)
-      }
-
-      JWT.encode(payload, ScimRails.config.signing_secret, ScimRails.config.signing_algorithm)
-    end
-
-    def decode(token)
-      verify = ScimRails.config.signing_algorithm != ScimRails::Config::ALGO_NONE
-
-      JWT.decode(token, ScimRails.config.signing_secret, verify, algorithm: ScimRails.config.signing_algorithm).first
-    rescue JWT::VerificationError, JWT::DecodeError
-      raise ScimRails::ExceptionHandler::InvalidCredentials
-    end
-  end
-end

data/lib/scim_rails/engine.rb

@@ -1,12 +0,0 @@
-module ScimRails
-  class Engine < ::Rails::Engine
-    isolate_namespace ScimRails
-
-    config.generators do |g|
-      g.test_framework :rspec, :fixture => false
-      g.fixture_replacement :factory_bot, :dir => "spec/factories"
-      g.assets false
-      g.helper false
-    end
-  end
-end

data/lib/scim_rails/version.rb

@@ -1,5 +0,0 @@
-# frozen_string_literal: true
-
-module ScimRails
-  VERSION = '0.9.0'
-end

data/lib/scim_rails.rb

@@ -1,6 +0,0 @@
-require "scim_rails/engine"
-require "scim_rails/config"
-require "scim_rails/encoder"
-
-module ScimRails
-end

data/spec/lib/scim_rails/encoder_spec.rb

@@ -1,62 +0,0 @@
-require "spec_helper"
-
-describe ScimRails::Encoder do
-  let(:company) { Company.new(subdomain: "test") }
-
-  describe "::encode" do
-    context "with signing configuration" do
-      it "generates a signed token with the company attribute" do
-        token   = ScimRails::Encoder.encode(company)
-        payload = ScimRails::Encoder.decode(token)
-
-        expect(token).to match /[a-z|A-Z|0-9.]{16,}\.[a-z|A-Z|0-9.]{16,}/
-        expect(payload).to contain_exactly(["iat", Integer], ["subdomain", "test"])
-      end
-    end
-
-    context "without signing configuration" do
-      before do
-        allow(ScimRails.config).to receive(:signing_secret).and_return(nil)
-        allow(ScimRails.config).to receive(:signing_algorithm).and_return(ScimRails::Config::ALGO_NONE)
-      end
-
-      it "generates an unsigned token with the company attribute" do
-        token   = ScimRails::Encoder.encode(company)
-        payload = ScimRails::Encoder.decode(token)
-
-        expect(token).to match /[a-z|A-Z|0-9.]{16,}/
-        expect(payload).to contain_exactly(["iat", Integer], ["subdomain", "test"])
-      end
-    end
-  end
-
-  describe "::decode" do
-    let(:token) { ScimRails::Encoder.encode(company) }
-
-    it "raises InvalidCredentials error for an invalid token" do
-      token = "f487bf84bfub4f74fj4894fnh483f4h4u8f"
-      expect { ScimRails::Encoder.decode(token) }.to raise_error ScimRails::ExceptionHandler::InvalidCredentials
-    end
-
-    context "with signing configuration" do
-      it "decodes a signed token, returning the company attributes" do
-        payload = ScimRails::Encoder.decode(token)
-
-        expect(payload).to contain_exactly(["iat", Integer], ["subdomain", "test"])
-      end
-    end
-
-    context "without signing configuration" do
-      before do
-        allow(ScimRails.config).to receive(:signing_secret).and_return(nil)
-        allow(ScimRails.config).to receive(:signing_algorithm).and_return(ScimRails::Config::ALGO_NONE)
-      end
-
-      it "decodes an unsigned token, returning the company attributes" do
-        payload = ScimRails::Encoder.decode(token)
-
-        expect(payload).to contain_exactly(["iat", Integer], ["subdomain", "test"])
-      end
-    end
-  end
-end