scimitar 1.0.0

data/app/models/scimitar/resources/user.rb

@@ -0,0 +1,13 @@
+module Scimitar
+  module Resources
+    class User < Base
+
+      set_schema Schema::User
+
+      def self.endpoint
+        '/Users'
+      end
+
+    end
+  end
+end

data/app/models/scimitar/schema/address.rb

@@ -0,0 +1,24 @@
+module Scimitar
+  module Schema
+
+    # Represents the schema for the Address complex type.
+    #
+    # See also Scimitar::ComplexTypes::Address
+    #
+    class Address < Base
+
+      def self.scim_attributes
+        @scim_attributes ||= [
+          Attribute.new(name: 'type',          type: 'string'),
+          Attribute.new(name: 'formatted',     type: 'string'),
+          Attribute.new(name: 'streetAddress', type: 'string'),
+          Attribute.new(name: 'locality',      type: 'string'),
+          Attribute.new(name: 'region',        type: 'string'),
+          Attribute.new(name: 'postalCode',    type: 'string'),
+          Attribute.new(name: 'country',       type: 'string'),
+        ]
+      end
+
+    end
+  end
+end

data/app/models/scimitar/schema/attribute.rb

@@ -0,0 +1,123 @@
+module Scimitar
+  module Schema
+
+    # Represents an attribute of a SCIM resource that is declared in its
+    # schema.
+    #
+    # Attributes can be simple or complex. A complex attribute needs to have
+    # its own schema that is passed to the initialize method when the attribute
+    # is instantiated.
+    #
+    # Examples:
+    #
+    #     Attribute.new(name: 'userName', type: 'string', uniqueness: 'server')
+    #     Attribute.new(name: 'name', complexType: Scimitar::ComplexTypes::Name)
+    #
+    class Attribute
+      include ActiveModel::Model
+      include Scimitar::Errors
+
+      attr_accessor :name,
+                    :type,
+                    :multiValued,
+                    :required,
+                    :caseExact,
+                    :mutability,
+                    :returned,
+                    :uniqueness,
+                    :subAttributes,
+                    :complexType,
+                    :canonicalValues
+
+      # +options+:: Hash of values to be used for instantiating the attribute
+      #             object. Some of the instance variables of the objects will
+      #             have default values if this hash does not contain anything
+      #             for them.
+      #
+      def initialize(options = {})
+        defaults = {
+          multiValued:     false,
+          required:        false,
+          caseExact:       false,
+          mutability:      'readWrite',
+          uniqueness:      'none',
+          returned:        'default',
+          canonicalValues: []
+        }
+
+        if options[:complexType]
+          defaults.merge!(type: 'complex', subAttributes: options[:complexType].schema.scim_attributes)
+        end
+
+        super(defaults.merge(options || {}))
+      end
+
+      # Validates a value against this attribute object. For simple attributes,
+      # it checks if blank is valid or not and if the type matches. For complex
+      # attributes, it delegates it to the valid? method of the complex type
+      # schema.
+      #
+      # If the value is not valid, validation message(s) are added to the
+      # #errors attribute of this object.
+      #
+      # +value+:: Value to check.
+      #
+      # Returns +true+ if value is valid for this attribute, else +false+.
+      #
+      def valid?(value)
+        return valid_blank? if value.blank? && !value.is_a?(FalseClass)
+
+        if type == 'complex'
+          return all_valid?(complexType, value) if multiValued
+          valid_complex_type?(value)
+        else
+          valid_simple_type?(value)
+        end
+      end
+
+      def valid_blank?
+        return true unless self.required
+        errors.add(self.name, 'is required')
+        false
+      end
+
+      def valid_complex_type?(value)
+        if !value.class.respond_to?(:schema) || value.class.schema != complexType.schema
+          errors.add(self.name, 'has to follow the complexType format.')
+          return false
+        end
+        value.class.schema.valid?(value)
+        return true if value.errors.empty?
+        add_errors_from_hash(value.errors.to_hash, prefix: self.name)
+        false
+      end
+
+      def valid_simple_type?(value)
+        valid = (type == 'string' && value.is_a?(String)) ||
+          (type == 'boolean' && (value.is_a?(TrueClass) || value.is_a?(FalseClass))) ||
+          (type == 'integer' && (value.is_a?(Integer))) ||
+          (type == 'dateTime' && valid_date_time?(value))
+        errors.add(self.name, "has the wrong type. It has to be a(n) #{self.type}.") unless valid
+        valid
+      end
+
+      def valid_date_time?(value)
+        !!Time.iso8601(value)
+      rescue ArgumentError
+        false
+      end
+
+      def all_valid?(complex_type, value)
+        validations = value.map {|value_in_array| valid_complex_type?(value_in_array)}
+        validations.all?
+      end
+
+      def as_json(options = {})
+        options[:except] ||= ['complexType']
+        options[:except] << 'canonicalValues' if canonicalValues.empty?
+        super.except(options)
+      end
+
+    end
+  end
+end

data/app/models/scimitar/schema/base.rb

@@ -0,0 +1,86 @@
+module Scimitar
+  module Schema
+    # The base class that each schema class must inherit from.
+    # These classes represent the schema of a SCIM resource or a complex type that could be used in a resource.
+    class Base
+      include ActiveModel::Model
+      attr_accessor :id, :name, :description, :scim_attributes, :meta
+
+      def initialize(options = {})
+        super
+        @meta = Meta.new(resourceType: 'Schema')
+      end
+
+      # Converts the schema to its json representation that will be returned by /SCHEMAS end-point of a SCIM service provider.
+      def as_json(options = {})
+        @meta.location = Scimitar::Engine.routes.url_helpers.scim_schemas_path(name: id)
+        original = super
+        original.merge('attributes' => original.delete('scim_attributes'))
+      end
+
+      # Validates the resource against specific validations of each attribute,
+      # for example if the type of the attribute matches the one defined in the
+      # schema.
+      #
+      # +resource+:: A resource object that uses this schema.
+      #
+      def self.valid?(resource)
+        cloned_scim_attributes.each do |scim_attribute|
+          resource.add_errors_from_hash(scim_attribute.errors.to_hash) unless scim_attribute.valid?(resource.send(scim_attribute.name))
+        end
+      end
+
+      def self.cloned_scim_attributes
+        scim_attributes.map { |scim_attribute| scim_attribute.clone }
+      end
+
+      # Find a given attribute this schema, travelling down a path to any
+      # sub-attributes within. Given that callers might be dealing with paths
+      # into actual SCIM data, array indices for multi-value attributes are
+      # allowed (as integers) and simply skipped - only the names are of
+      # interest.
+      #
+      # This is typically used to access attribute properties such as intended
+      # mutability ('readOnly', 'readWrite', 'immutable', 'writeOnly').
+      #
+      # Returns the found Scimitar::Schema::Attribute or "nil".
+      #
+      # *path:: One or more attribute names as Strings, or Integer indices.
+      #
+      # For example, in a User schema, passing "name", "givenName" would find
+      # the "givenName" attribute. Passing "emails", 0, "value" would find the
+      # schema attribute for "value" under "emails", ignoring the array index
+      # (since the schema is identical for each item in an array of values).
+      #
+      # See also Scimitar::Resources::Base::find_attribute
+      #
+      def self.find_attribute(*path)
+        found_attribute    = nil
+        current_attributes = self.scim_attributes()
+
+        until path.empty? do
+          current_path_entry = path.shift()
+          next if current_path_entry.is_a?(Integer) # Skip array indicies arising from multi-value attributes
+
+          found_attribute = current_attributes.find do | attribute_to_check |
+            attribute_to_check.name == current_path_entry
+          end
+
+          if found_attribute && path.present? # Any sub-attributes to check?...
+            if found_attribute.subAttributes.present? # ...and are any defined?
+              current_attributes = found_attribute.subAttributes
+            else
+              found_attribute = nil
+              break # NOTE EARLY EXIT - tried to find a sub-attribute but there are none
+            end
+          else
+            break # NOTE EARLY EXIT - no found attribute, or found target item at end of path
+          end
+        end # "until path.empty() do"
+
+        return found_attribute
+      end
+
+    end
+  end
+end

data/app/models/scimitar/schema/derived_attributes.rb

@@ -0,0 +1,24 @@
+module Scimitar
+  module Schema
+    module DerivedAttributes
+      extend ActiveSupport::Concern
+
+      class_methods do
+        def set_schema(schema)
+          @schema = schema
+          derive_attributes_from_schema(schema)
+          schema
+        end
+
+        def derive_attributes_from_schema(schema)
+          attr_accessor *schema.scim_attributes.map(&:name)
+        end
+
+        def schema
+          @schema
+        end
+      end
+
+    end
+  end
+end

data/app/models/scimitar/schema/email.rb

@@ -0,0 +1,10 @@
+module Scimitar
+  module Schema
+
+    # Represents the schema for the Email complex type.
+    #
+    # See also Scimitar::ComplexTypes::Email
+    #
+    class Email < Vdtp; end
+  end
+end

data/app/models/scimitar/schema/entitlement.rb

@@ -0,0 +1,10 @@
+module Scimitar
+  module Schema
+
+    # Represents the schema for the Entitlement complex type.
+    #
+    # See also Scimitar::ComplexTypes::Entitlement
+    #
+    class Entitlement < Vdtp; end
+  end
+end

data/app/models/scimitar/schema/group.rb

@@ -0,0 +1,27 @@
+module Scimitar
+  module Schema
+    # Represents the schema for the Group resource
+    # See also Scimitar::Resources::Group
+    class Group < Base
+
+      def initialize(options = {})
+        super(name: 'Group',
+              id: self.class.id,
+              description: 'Represents a Group',
+              scim_attributes: self.class.scim_attributes)
+      end
+
+      def self.id
+        'urn:ietf:params:scim:schemas:core:2.0:Group'
+      end
+
+      def self.scim_attributes
+        [
+          Attribute.new(name: 'displayName', type: 'string', required: true),
+          Attribute.new(name: 'members', multiValued: true, complexType: Scimitar::ComplexTypes::ReferenceMember, mutability: 'readWrite')
+        ]
+      end
+
+    end
+  end
+end

data/app/models/scimitar/schema/ims.rb

@@ -0,0 +1,10 @@
+module Scimitar
+  module Schema
+
+    # Represents the schema for the Ims (Instant Messaging) complex type.
+    #
+    # See also Scimitar::ComplexTypes::Ims
+    #
+    class Ims < Vdtp; end
+  end
+end

data/app/models/scimitar/schema/name.rb

@@ -0,0 +1,20 @@
+module Scimitar
+  module Schema
+    # Represents the schema for the Name complex type
+    # See also Scimitar::ComplexTypes::Name
+    class Name < Base
+
+      def self.scim_attributes
+        @scim_attributes ||= [
+          Attribute.new(name: 'familyName',       type: 'string', required: true),
+          Attribute.new(name: 'givenName',        type: 'string', required: true),
+          Attribute.new(name: 'middleName',       type: 'string'),
+          Attribute.new(name: 'formatted',        type: 'string'),
+          Attribute.new(name: 'honorificPrefix',  type: 'string'),
+          Attribute.new(name: 'honorificSuffix',  type: 'string'),
+        ]
+      end
+
+    end
+  end
+end

data/app/models/scimitar/schema/phone_number.rb

@@ -0,0 +1,10 @@
+module Scimitar
+  module Schema
+
+    # Represents the schema for the PhoneNumber complex type.
+    #
+    # See also Scimitar::ComplexTypes::PhoneNumber
+    #
+    class PhoneNumber < Vdtp; end
+  end
+end

data/app/models/scimitar/schema/photo.rb

@@ -0,0 +1,10 @@
+module Scimitar
+  module Schema
+
+    # Represents the schema for the Photo complex type.
+    #
+    # See also Scimitar::ComplexTypes::Photo
+    #
+    class Photo < Vdtp; end
+  end
+end

data/app/models/scimitar/schema/reference_group.rb

@@ -0,0 +1,23 @@
+module Scimitar
+  module Schema
+
+    # Represents the schema for the ReferenceGroup complex type,
+    # referring to a group of which a user is a member - used in
+    # a User SCIM resource's "groups" array.
+    #
+    # These are always read-only, with no ability to change the
+    # membership list through a User. Change via Groups instead.
+    #
+    # See also Scimitar::ComplexTypes::ReferenceGroup
+    #
+    class ReferenceGroup < Base
+      def self.scim_attributes
+        @scim_attributes ||= [
+          Attribute.new(name: 'value',   type: 'string', mutability: 'readOnly', required: true),
+          Attribute.new(name: 'display', type: 'string', mutability: 'readOnly'),
+          Attribute.new(name: 'type',    type: 'string', mutability: 'readOnly'),
+        ]
+      end
+    end
+  end
+end

data/app/models/scimitar/schema/reference_member.rb

@@ -0,0 +1,21 @@
+module Scimitar
+  module Schema
+
+    # Represents the schema for the ReferenceMember complex type,
+    # referring to a member of a group (where members can themselves
+    # be Users or Groups, identified by the "type" attribute). Used
+    # by the Group SCIM resource's "members" array.
+    #
+    # See also Scimitar::ComplexTypes::ReferenceMember
+    #
+    class ReferenceMember < Base
+      def self.scim_attributes
+        @scim_attributes ||= [
+          Attribute.new(name: 'value',    type: 'string', mutability: 'immutable', required: true),
+          Attribute.new(name: 'type',     type: 'string', mutability: 'immutable'),
+          Attribute.new(name: 'display',  type: 'string', mutability: 'immutable'),
+        ]
+      end
+    end
+  end
+end

data/app/models/scimitar/schema/role.rb

@@ -0,0 +1,10 @@
+module Scimitar
+  module Schema
+
+    # Represents the schema for the Role complex type.
+    #
+    # See also Scimitar::ComplexTypes::Role
+    #
+    class Role < Vdtp; end
+  end
+end