scimitar 1.0.0

data/app/models/scimitar/schema/user.rb

@@ -0,0 +1,52 @@
+module Scimitar
+  module Schema
+    # Represents the schema for the User resource
+    # See also Scimitar::Resources::User
+    class User < Base
+
+      def initialize(options = {})
+        super(name: 'User',
+              id: self.class.id,
+              description: 'Represents a User',
+              scim_attributes: self.class.scim_attributes)
+
+      end
+
+      def self.id
+        'urn:ietf:params:scim:schemas:core:2.0:User'
+      end
+
+      def self.scim_attributes
+        [
+          Attribute.new(name: 'userName',          type: 'string', uniqueness: 'server', required: true),
+
+          Attribute.new(name: 'name', complexType: Scimitar::ComplexTypes::Name),
+
+          Attribute.new(name: 'displayName',       type: 'string'),
+          Attribute.new(name: 'nickName',          type: 'string'),
+          Attribute.new(name: 'profileUrl',        type: 'string'),
+          Attribute.new(name: 'title',             type: 'string'),
+          Attribute.new(name: 'userType',          type: 'string'),
+          Attribute.new(name: 'preferredLanguage', type: 'string'),
+          Attribute.new(name: 'locale',            type: 'string'),
+          Attribute.new(name: 'timezone',          type: 'string'),
+
+          Attribute.new(name: 'active',            type: 'boolean'),
+
+          Attribute.new(name: 'password',          type: 'string', mutability: 'writeOnly', returned: 'never'),
+
+          Attribute.new(name: 'emails',           multiValued: true, complexType: Scimitar::ComplexTypes::Email),
+          Attribute.new(name: 'phoneNumbers',     multiValued: true, complexType: Scimitar::ComplexTypes::PhoneNumber),
+          Attribute.new(name: 'ims',              multiValued: true, complexType: Scimitar::ComplexTypes::Ims),
+          Attribute.new(name: 'photos',           multiValued: true, complexType: Scimitar::ComplexTypes::Photo),
+          Attribute.new(name: 'addresses',        multiValued: true, complexType: Scimitar::ComplexTypes::Address),
+          Attribute.new(name: 'groups',           multiValued: true, complexType: Scimitar::ComplexTypes::ReferenceGroup, mutability: 'readOnly'),
+          Attribute.new(name: 'entitlements',     multiValued: true, complexType: Scimitar::ComplexTypes::Entitlement),
+          Attribute.new(name: 'roles',            multiValued: true, complexType: Scimitar::ComplexTypes::Role),
+          Attribute.new(name: 'x509Certificates', multiValued: true, complexType: Scimitar::ComplexTypes::X509Certificate),
+        ]
+      end
+
+    end
+  end
+end

data/app/models/scimitar/schema/vdtp.rb

@@ -0,0 +1,18 @@
+module Scimitar
+  module Schema
+
+    # Represents a common schema for a few complex types; base class DRYs up
+    # code. "Vdtp" - Value, Display, Type, Primary.
+    #
+    class Vdtp < Base
+      def self.scim_attributes
+        @scim_attributes ||= [
+          Attribute.new(name: 'value',   type: 'string', required: true),
+          Attribute.new(name: 'display', type: 'string', mutability: 'readOnly'),
+          Attribute.new(name: 'type',    type: 'string'),
+          Attribute.new(name: 'primary', type: 'boolean'),
+        ]
+      end
+    end
+  end
+end

data/app/models/scimitar/schema/x509_certificate.rb

@@ -0,0 +1,22 @@
+module Scimitar
+  module Schema
+
+    # Represents the schema for the X509Certificate complex type.
+    # The 'value' holds the certificate data.
+    #
+    # Similar to the Vdtp class, but the "value" field is of type "binary".
+    #
+    # See also Scimitar::ComplexTypes::X509Certificate
+    #
+    class X509Certificate < Base
+      def self.scim_attributes
+        @scim_attributes ||= [
+          Attribute.new(name: 'value',   type: 'binary', required: true),
+          Attribute.new(name: 'display', type: 'string', mutability: 'readOnly'),
+          Attribute.new(name: 'type',    type: 'string'),
+          Attribute.new(name: 'primary', type: 'boolean'),
+        ]
+      end
+    end
+  end
+end

data/app/models/scimitar/service_provider_configuration.rb

@@ -0,0 +1,49 @@
+module Scimitar
+
+  # Represents the service provider info. Used by the /ServiceProviderConfig
+  # endpoint to provide specification compliance, authentication schemes and
+  # data models. Renders to JSON as a SCIM ServiceProviderConfig type.
+  #
+  # See config/initializers/scimitar.rb for more information.
+  #
+  class ServiceProviderConfiguration
+    include ActiveModel::Model
+
+    attr_accessor :patch, :bulk, :filter, :changePassword,
+      :sort, :etag, :authenticationSchemes,
+      :schemas, :meta
+
+    def initialize(attributes = {})
+      defaults = {
+        bulk:           Supportable.unsupported,
+        changePassword: Supportable.unsupported,
+        sort:           Supportable.unsupported,
+        etag:           Supportable.unsupported,
+
+        patch: Supportable.supported,
+
+        filter: Scimitar::Filter.new(
+          supported:  true,
+          maxResults: Scimitar::Filter::MAX_RESULTS_DEFAULT
+        ),
+
+        schemas: ["urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"],
+
+        meta: Meta.new(
+          resourceType: 'ServiceProviderConfig',
+          created:      Time.now,
+          lastModified: Time.now,
+          version:      '1'
+        ),
+
+        authenticationSchemes: [
+          AuthenticationScheme.basic,
+          AuthenticationScheme.bearer
+        ]
+      }
+
+      super(defaults.merge(attributes))
+    end
+
+  end
+end

data/app/models/scimitar/supportable.rb

@@ -0,0 +1,14 @@
+module Scimitar
+  class Supportable
+    include ActiveModel::Model
+    attr_accessor :supported
+
+    def self.supported
+      new(supported: true)
+    end
+
+    def self.unsupported
+      new(supported: false)
+    end
+  end
+end

data/app/views/layouts/scimitar/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Scimitar</title>
+  <%= stylesheet_link_tag    "scimitar/application", media: "all" %>
+  <%= javascript_include_tag "scimitar/application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/initializers/scimitar.rb

@@ -0,0 +1,82 @@
+# SCIMITAR CONFIGURATION
+#
+# For supporting information and rationale, please see README.md.
+
+# =============================================================================
+# SERVICE PROVIDER CONFIGURATION
+# =============================================================================
+#
+# This is a Ruby abstraction over a SCIM entity that declares the capabilities
+# supported by a particular implementation.
+#
+# Typically this is used to declare parts of the standard unsupported, if you
+# don't need them and don't want to provide subclass support.
+#
+Scimitar.service_provider_configuration = Scimitar::ServiceProviderConfiguration.new({
+
+  # See https://tools.ietf.org/html/rfc7643#section-8.5 for properties.
+  #
+  # See Gem source file 'app/models/scimitar/service_provider_configuration.rb'
+  # for defaults. Define Hash keys here that override defaults; e.g. to declare
+  # that filters are not supported so that calling clients shouldn't use them:
+  #
+  #   filter: Scimitar::Supported.unsupported
+
+})
+
+# =============================================================================
+# ENGINE CONFIGURATION
+# =============================================================================
+#
+# This is where you provide callbacks for things like authorisation or mixins
+# that get included into all Scimitar-derived controllers (for things like
+# before-actions that apply to all Scimitar controller-based routes).
+#
+Scimitar.engine_configuration = Scimitar::EngineConfiguration.new({
+
+  # If you have filters you want to run for any Scimitar action/route, you can
+  # define them here. For example, you might use a before-action to set up some
+  # multi-tenancy related state, or skip Rails CSRF token verification/
+  #
+  # For example:
+  #
+  #     application_controller_mixin: Module.new do
+  #       def self.included(base)
+  #         base.class_eval do
+  #
+  #           # Anything here is written just as you'd write it at the top of
+  #           # one of your controller classes, but it gets included in all
+  #           # Scimitar classes too.
+  #
+  #           skip_before_action    :verify_authenticity_token
+  #           prepend_before_action :setup_some_kind_of_multi_tenancy_data
+  #         end
+  #       end
+  #     end, # ...other configuration entries might follow...
+
+  # If you want to support username/password authentication:
+  #
+  #     basic_authenticator: Proc.new do | username, password |
+  #       # Check username/password and return 'true' if valid, else 'false'.
+  #     end, # ...other configuration entries might follow...
+  #
+  # The 'username' and 'password' parameters come from Rails:
+  #
+  #   https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Basic.html
+  #   https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Basic/ControllerMethods.html#method-i-authenticate_with_http_basic
+
+  # If you want to support HTTP bearer token (OAuth-style) authentication:
+  #
+  #     token_authenticator: Proc.new do | token, options |
+  #       # Check token and return 'true' if valid, else 'false'.
+  #     end, # ...other configuration entries might follow...
+  #
+  # The 'token' and 'options' parameters come from Rails:
+  #
+  #   https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html
+  #   https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token/ControllerMethods.html#method-i-authenticate_with_http_token
+  #
+  # Note that both basic and token authentication can be declared, with the
+  # parameters in the inbound HTTP request determining which is invoked.
+
+})

data/config/routes.rb

@@ -0,0 +1,6 @@
+Scimitar::Engine.routes.draw do
+  get 'ServiceProviderConfig', to: 'service_provider_configurations#show', as: :scim_service_provider_configuration
+  get 'ResourceTypes',         to: 'resource_types#index',                 as: :scim_resource_types
+  get 'ResourceTypes/:name',   to: 'resource_types#show',                  as: :scim_resource_type
+  get 'Schemas',               to: 'schemas#index',                        as: :scim_schemas
+end

data/lib/scimitar.rb

@@ -0,0 +1,23 @@
+require 'scimitar/version'
+require 'scimitar/engine'
+
+module Scimitar
+  def self.service_provider_configuration=(custom_configuration)
+    @service_provider_configuration = custom_configuration
+  end
+
+  def self.service_provider_configuration(location:)
+    @service_provider_configuration ||= ServiceProviderConfiguration.new
+    @service_provider_configuration.meta.location = location
+    @service_provider_configuration
+  end
+
+  def self.engine_configuration=(custom_configuration)
+    @engine_configuration = custom_configuration
+  end
+
+  def self.engine_configuration
+    @engine_configuration ||= EngineConfiguration.new
+    @engine_configuration
+  end
+end

data/lib/scimitar/engine.rb

@@ -0,0 +1,63 @@
+module Scimitar
+  class Engine < ::Rails::Engine
+    isolate_namespace Scimitar
+
+    Mime::Type.register 'application/scim+json', :scim
+
+    ActionDispatch::Request.parameter_parsers[Mime::Type.lookup('application/scim+json').symbol] = lambda do |body|
+      JSON.parse(body)
+    end
+
+    def self.resources
+      default_resources + custom_resources
+    end
+
+    # Can be used to add a new resource type which is not provided by the gem.
+    # For example:
+    #
+    #     module Scim
+    #       module Resources
+    #         class ShinyResource < Scimitar::Resources::Base
+    #           set_schema Scim::Schema::Shiny
+    #
+    #           def self.endpoint
+    #             "/Shinies"
+    #           end
+    #         end
+    #       end
+    #     end
+    #
+    #     Scimitar::Engine.add_custom_resource Scim::Resources::ShinyResource
+    #
+    def self.add_custom_resource(resource)
+      custom_resources << resource
+    end
+
+    # Resets the resource list to default. This is really only intended for use
+    # during testing, to avoid one test polluting another.
+    #
+    def self.reset_custom_resources
+      @custom_resources = []
+    end
+
+    # Returns the list of custom resources, if any.
+    #
+    def self.custom_resources
+      @custom_resources ||= []
+    end
+
+    # Returns the default resources added in this gem:
+    #
+    # * Scimitar::Resources::User
+    # * Scimitar::Resources::Group
+    #
+    def self.default_resources
+      [ Resources::User, Resources::Group ]
+    end
+
+    def self.schemas
+      resources.map(&:schemas).flatten.uniq.map(&:new)
+    end
+
+  end
+end

data/lib/scimitar/version.rb

@@ -0,0 +1,13 @@
+module Scimitar
+
+  # Gem version. If this changes, be sure to re-run "bundle install" or
+  # "bundle update".
+  #
+  VERSION = '1.0.0'
+
+  # Date for VERSION. If this changes, be sure to re-run "bundle install"
+  # or "bundle update".
+  #
+  DATE = '2021-03-24'
+
+end

data/spec/apps/dummy/app/controllers/custom_destroy_mock_users_controller.rb

@@ -0,0 +1,24 @@
+# For tests only - uses custom 'destroy' implementation which passes a block to
+# Scimitar::ActiveRecordBackedResourcesController#destroy.
+#
+class CustomDestroyMockUsersController < Scimitar::ActiveRecordBackedResourcesController
+
+  NOT_REALLY_DELETED_USERNAME_INDICATOR = 'not really deleted'
+
+  def destroy
+    super do | resource |
+      resource.update!(username: NOT_REALLY_DELETED_USERNAME_INDICATOR)
+    end
+  end
+
+  protected
+
+    def storage_class
+      MockUser
+    end
+
+    def storage_scope
+      MockUser.all
+    end
+
+end

data/spec/apps/dummy/app/controllers/custom_request_verifiers_controller.rb

@@ -0,0 +1,30 @@
+# For tests only - uses custom 'index' implementation which returns information
+# from the Rails 'request' object in its response.
+#
+class CustomRequestVerifiersController < Scimitar::ActiveRecordBackedResourcesController
+
+  def index
+    render json: {
+      request: {
+        is_scim: request.format == :scim,
+        format: request.format.to_s,
+        content_type: request.headers['CONTENT_TYPE']
+      }
+    }
+  end
+
+  def create
+    # Used for invalid JSON input tests
+  end
+
+  protected
+
+    def storage_class
+      MockUser
+    end
+
+    def storage_scope
+      MockUser.all
+    end
+
+end

data/spec/apps/dummy/app/controllers/mock_groups_controller.rb

@@ -0,0 +1,13 @@
+class MockUsersController < Scimitar::ActiveRecordBackedResourcesController
+
+  protected
+
+    def storage_class
+      MockGroup
+    end
+
+    def storage_scope
+      MockGroup.all
+    end
+
+end