scimitar 1.11.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5860adcfd6c793922be88ef8bb7bb878571e8fcd34ea89ead9d0278f09582cff
-  data.tar.gz: 2f7bf25e40156c0f006255c0c015f6302c8de39fc1634be789dba462d43f8c4a
+  metadata.gz: 95a2166cc921a400959f9d8d4398f6bf8ecb772f8d7a0a0a73950892e85d808a
+  data.tar.gz: cdf5aab3812f10f69c96304e738a150f4208850267527b66d36eeb99548d7b1f
 SHA512:
-  metadata.gz: 8047867c9365db25571693526e765d1a1a6b6d9cd17278f4bca2037815b5f9e0b9945390cc5ffba0228b9fabd3b15deae253519bbbe74ada2c262718d1c54989
-  data.tar.gz: 6ef777d96c932404c1ae0209804010fee98e993ce289d4eac09e0c8c3395b0de390fb423611d599fb6750a5d46e34545e0685e9563441fcc2d582fb5b6d1618f
+  metadata.gz: f0925517599b107e44fd93db9be142aebe608892c2c5069c50d22b353c51238290710474b062a002fdb010be3d783c4dea3b314f72f47b4aca3c2385a8fc1377
+  data.tar.gz: eef6eebfc64bb2d4adabfca110f26e3a6c9e227f47387da6fb384925899ddf0ae260cf68176f24040a6bb356cf34f6576c920bd44264d4a1fee415aeadc237e6

data/app/controllers/scimitar/active_record_backed_resources_controller.rb

@@ -1,3 +1,5 @@
+require_dependency "scimitar/application_controller"
+
 module Scimitar
 
   # An ActiveRecord-centric subclass of Scimitar::ResourcesController. See that
@@ -17,9 +19,7 @@ module Scimitar
   #
   class ActiveRecordBackedResourcesController < ResourcesController
 
-    rescue_from 'ActiveRecord::RecordNotFound', with: :handle_resource_not_found # See Scimitar::ApplicationController
-
-    before_action :obtain_id_column_name_from_attribute_map
+    rescue_from ActiveRecord::RecordNotFound, with: :handle_resource_not_found # See Scimitar::ApplicationController
 
     # GET (list)
     #
@@ -37,13 +37,12 @@ module Scimitar
       pagination_info = scim_pagination_info(query.count())
 
       page_of_results = query
-        .order(@id_column => :asc)
         .offset(pagination_info.offset)
         .limit(pagination_info.limit)
         .to_a()
 
       super(pagination_info, page_of_results) do | record |
-        record_to_scim(record)
+        record.to_scim(location: url_for(action: :show, id: record.id))
       end
     end
 
@@ -52,61 +51,45 @@ module Scimitar
     def show
       super do |record_id|
         record = self.find_record(record_id)
-        record_to_scim(record)
+        record.to_scim(location: url_for(action: :show, id: record_id))
       end
     end
 
     # POST (create)
     #
-    # Calls #save! on the new record if no block is given, else invokes the
-    # block, passing it the new ActiveRecord model instance to be saved. It
-    # is up to the block to make any further changes and persist the record.
-    #
-    # Blocks are invoked from within a wrapping database transaction.
-    # ActiveRecord::RecordInvalid exceptions are handled for you, rendering
-    # an appropriate SCIM error.
-    #
-    def create(&block)
+    def create
       super do |scim_resource|
         self.storage_class().transaction do
           record = self.storage_class().new
           record.from_scim!(scim_hash: scim_resource.as_json())
-          self.save!(record, &block)
-          record_to_scim(record)
+          self.save!(record)
+          record.to_scim(location: url_for(action: :show, id: record.id))
         end
       end
     end
 
     # PUT (replace)
     #
-    # Calls #save! on the updated record if no block is given, else invokes the
-    # block, passing the updated record which the block must persist, with the
-    # same rules as for #create.
-    #
-    def replace(&block)
+    def replace
       super do |record_id, scim_resource|
         self.storage_class().transaction do
           record = self.find_record(record_id)
           record.from_scim!(scim_hash: scim_resource.as_json())
-          self.save!(record, &block)
-          record_to_scim(record)
+          self.save!(record)
+          record.to_scim(location: url_for(action: :show, id: record.id))
         end
       end
     end
 
     # PATCH (update)
     #
-    # Calls #save! on the updated record if no block is given, else invokes the
-    # block, passing the updated record which the block must persist, with the
-    # same rules as for #create.
-    #
-    def update(&block)
+    def update
       super do |record_id, patch_hash|
         self.storage_class().transaction do
           record = self.find_record(record_id)
           record.from_scim_patch!(patch_hash: patch_hash)
-          self.save!(record, &block)
-          record_to_scim(record)
+          self.save!(record)
+          record.to_scim(location: url_for(action: :show, id: record.id))
         end
       end
     end
@@ -148,46 +131,19 @@ module Scimitar
         raise NotImplementedError
       end
 
-      # Return an Array of exceptions that #save! can rescue and handle with a
-      # SCIM error automatically.
-      #
-      def scimitar_rescuable_exceptions
-        [
-          ActiveRecord::RecordInvalid,
-          ActiveRecord::RecordNotSaved,
-          ActiveRecord::RecordNotUnique,
-        ]
-      end
-
       # Find a record by ID. Subclasses can override this if they need special
       # lookup behaviour.
       #
       # +record_id+:: Record ID (SCIM schema 'id' value - "our" ID).
       #
       def find_record(record_id)
-        self.storage_scope().find_by!(@id_column => record_id)
-      end
-
-      # DRY up controller actions - pass a record; returns the SCIM
-      # representation, with a "show" location specified via #url_for.
-      #
-      def record_to_scim(record)
-        record.to_scim(
-          location: url_for(action: :show, id: record.send(@id_column)),
-          include_attributes: params.fetch(:attributes, "").split(",")
-        )
+        self.storage_scope().find(record_id)
       end
 
       # Save a record, dealing with validation exceptions by raising SCIM
       # errors.
       #
-      # +record+:: ActiveRecord subclass to save.
-      #
-      # If you just let this superclass handle things, it'll call the standard
-      # +#save!+ method on the record. If you pass a block, then this block is
-      # invoked and passed the ActiveRecord model instance to be saved. You can
-      # then do things like calling a different method, using a service object
-      # of some kind, perform audit-related operations and so-on.
+      # +record+:: ActiveRecord subclass to save (via #save!).
       #
       # The return value is not used internally, making life easier for
       # overriding subclasses to "do the right thing" / avoid mistakes (instead
@@ -195,31 +151,11 @@ module Scimitar
       # and relying upon this to generate correct response payloads - an early
       # version of the gem did this and it caused a confusing subclass bug).
       #
-      def save!(record, &block)
-        if block_given?
-          yield(record)
-        else
-          record.save!
-        end
-      rescue *self.scimitar_rescuable_exceptions() => exception
-        handle_on_save_exception(record, exception)
-      end
+      def save!(record)
+        record.save!
 
-      # Deal with exceptions related to errors upon saving, by responding with
-      # an appropriate SCIM error. This is most effective if the record has
-      # validation errors defined, but falls back to the provided exception's
-      # message otherwise.
-      #
-      # +record+::    The record that provoked the exception. Mandatory.
-      # +exception+:: The exception that was raised. If omitted, a default of
-      #               'Unknown', in English with no I18n, is used.
-      #
-      def handle_on_save_exception(record, exception = RuntimeError.new('Unknown'))
-        details = if record.errors.present?
-          record.errors.full_messages.join('; ')
-        else
-          exception.message
-        end
+      rescue ActiveRecord::RecordInvalid => exception
+        joined_errors = record.errors.full_messages.join('; ')
 
         # https://tools.ietf.org/html/rfc7644#page-12
         #
@@ -229,27 +165,16 @@ module Scimitar
         #   status code 409 (Conflict) with a "scimType" error code of
         #   "uniqueness"
         #
-        if exception.is_a?(ActiveRecord::RecordNotUnique) || record.errors.any? { | e | e.type == :taken }
+        if record.errors.any? { | e | e.type == :taken }
           raise Scimitar::ErrorResponse.new(
             status:   409,
             scimType: 'uniqueness',
-            detail:   "Operation failed due to a uniqueness constraint: #{details}"
+            detail:   joined_errors
           )
         else
-          raise Scimitar::ResourceInvalidError.new(details)
+          raise Scimitar::ResourceInvalidError.new(joined_errors)
         end
       end
 
-      # Called via +before_action+ - stores in @id_column the name of whatever
-      # model column is used to store the record ID, via
-      # Scimitar::Resources::Mixin::scim_attributes_map.
-      #
-      # Default is <tt>:id</tt>.
-      #
-      def obtain_id_column_name_from_attribute_map
-        attrs      = storage_class().scim_attributes_map() || {}
-        @id_column = attrs[:id] || :id
-      end
-
   end
 end

data/app/controllers/scimitar/application_controller.rb

@@ -9,6 +9,10 @@ module Scimitar
     before_action :add_mandatory_response_headers
     before_action :authenticate
 
+    if Scimitar.engine_configuration.application_controller_mixin
+      include Scimitar.engine_configuration.application_controller_mixin
+    end
+
     # =========================================================================
     # PROTECTED INSTANCE METHODS
     # =========================================================================
@@ -21,11 +25,10 @@ module Scimitar
       #
       # ...to "globally" invoke this handler if you wish.
       #
-      # +exception+:: Exception instance, used for a configured error reporter
-      #               via #handle_scim_error (if present).
+      # +_exception+:: Exception instance (currently unused).
       #
-      def handle_resource_not_found(exception)
-        handle_scim_error(NotFoundError.new(params[:id]), exception)
+      def handle_resource_not_found(_exception)
+        handle_scim_error(NotFoundError.new(params[:id]))
       end
 
       # This base controller uses:
@@ -35,22 +38,9 @@ module Scimitar
       # ...to "globally" invoke this handler for all Scimitar errors (including
       # subclasses).
       #
-      # Mandatory parameters are:
-      #
       # +error_response+:: Scimitar::ErrorResponse (or subclass) instance.
       #
-      # Optional parameters are:
-      #
-      # *exception+:: If a Ruby exception was the reason this method is being
-      #               called, pass it here. Any configured exception reporting
-      #               mechanism will be invokved with the given parameter.
-      #               Otherwise, the +error_response+ value is reported.
-      #
-      def handle_scim_error(error_response, exception = error_response)
-        unless Scimitar.engine_configuration.exception_reporter.nil?
-          Scimitar.engine_configuration.exception_reporter.call(exception)
-        end
-
+      def handle_scim_error(error_response)
         render json: error_response, status: error_response.status
       end
 
@@ -65,7 +55,7 @@ module Scimitar
       # +exception+:: Exception instance.
       #
       def handle_bad_json_error(exception)
-        handle_scim_error(ErrorResponse.new(status: 400, detail: "Invalid JSON - #{exception.message}"), exception)
+        handle_scim_error(ErrorResponse.new(status: 400, detail: "Invalid JSON - #{exception.message}"))
       end
 
       # This base controller uses:
@@ -78,7 +68,7 @@ module Scimitar
       #
       def handle_unexpected_error(exception)
         Rails.logger.error("#{exception.message}\n#{exception.backtrace}")
-        handle_scim_error(ErrorResponse.new(status: 500, detail: exception.message), exception)
+        handle_scim_error(ErrorResponse.new(status: 500, detail: exception.message))
       end
 
     # =========================================================================
@@ -92,17 +82,12 @@ module Scimitar
       # request and subclass processing.
       #
       def require_scim
-        scim_mime_type = Mime::Type.lookup_by_extension(:scim).to_s
-
-        if request.media_type.nil? || request.media_type.empty?
-          request.format = :scim
-          request.headers['CONTENT_TYPE'] = scim_mime_type
-        elsif request.media_type.downcase == scim_mime_type
+        if request.content_type&.downcase == Mime::Type.lookup_by_extension(:scim).to_s
           request.format = :scim
         elsif request.format == :scim
-          request.headers['CONTENT_TYPE'] = scim_mime_type
+          request.headers['CONTENT_TYPE'] = Mime::Type.lookup_by_extension(:scim).to_s
         else
-          handle_scim_error(ErrorResponse.new(status: 406, detail: "Only #{scim_mime_type} type is accepted."))
+          handle_scim_error(ErrorResponse.new(status: 406, detail: "Only #{Mime::Type.lookup_by_extension(:scim)} type is accepted."))
         end
       end
 
@@ -120,13 +105,8 @@ module Scimitar
         #
         # https://stackoverflow.com/questions/10239970/what-is-the-delimiter-for-www-authenticate-for-multiple-schemes
         #
-        response.set_header('WWW-Authenticate', 'Basic' ) if Scimitar.engine_configuration.basic_authenticator.present?
-        response.set_header('WWW-Authenticate', 'Bearer') if Scimitar.engine_configuration.token_authenticator.present?
-
-        # No matter what a caller might request via headers, the only content
-        # type we can ever respond with is JSON-for-SCIM.
-        #
-        response.set_header('Content-Type', "#{Mime::Type.lookup_by_extension(:scim)}; charset=utf-8")
+        response.set_header('WWW_AUTHENTICATE', 'Basic' ) if Scimitar.engine_configuration.basic_authenticator.present?
+        response.set_header('WWW_AUTHENTICATE', 'Bearer') if Scimitar.engine_configuration.token_authenticator.present?
       end
 
       def authenticate
@@ -135,22 +115,15 @@ module Scimitar
 
       def authenticated?
         result = if Scimitar.engine_configuration.basic_authenticator.present?
-          authenticate_with_http_basic do |username, password|
-            instance_exec(username, password, &Scimitar.engine_configuration.basic_authenticator)
-          end
+          authenticate_with_http_basic(&Scimitar.engine_configuration.basic_authenticator)
         end
 
         result ||= if Scimitar.engine_configuration.token_authenticator.present?
-          authenticate_with_http_token do |token, options|
-            instance_exec(token, options, &Scimitar.engine_configuration.token_authenticator)
-          end
+          authenticate_with_http_token(&Scimitar.engine_configuration.token_authenticator)
         end
 
         return result
       end
 
-    if Scimitar.engine_configuration.application_controller_mixin
-      include Scimitar.engine_configuration.application_controller_mixin
-    end
   end
 end

data/app/controllers/scimitar/resource_types_controller.rb

@@ -1,3 +1,5 @@
+require_dependency "scimitar/application_controller"
+
 module Scimitar
   class ResourceTypesController < ApplicationController
     def index
@@ -5,13 +7,7 @@ module Scimitar
         resource.resource_type(scim_resource_type_url(name: resource.resource_type_id))
       end
 
-      render json: {
-        schemas: [
-            'urn:ietf:params:scim:api:messages:2.0:ListResponse'
-        ],
-        totalResults: resource_types.size,
-        Resources:    resource_types
-      }
+      render json: resource_types
     end
 
     def show

data/app/controllers/scimitar/resources_controller.rb

@@ -1,3 +1,5 @@
+require_dependency "scimitar/application_controller"
+
 module Scimitar
 
   # A Rails controller which is mostly idiomatic, with #index, #show, #create