scimitar 1.5.0 → 1.5.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dd0d129e52cd7cbe3fe52fec4c4033cd45f4d2071da5d495863b1f3f78685fd5
-  data.tar.gz: 5531cdfc4786043513f9539c2fce43bfdebbec26a6e9964d93b13c6ea00710b0
+  metadata.gz: 6d57cfdaba9d48c6c193fb74baafc7c6e26c004a5a634460bc2f9ec94ad0440e
+  data.tar.gz: 8ff5ffbabe01c86822bd2c1dc85c535bf95b197cbc41920a995aa1801d239f32
 SHA512:
-  metadata.gz: d1914b8fe68cdc6077369f22a03f7e688790f5b239738e18508e0aeaa68055ee1e197ebc4fe8b512903d07b926de64d64817b26c6ef9b9ace2594abc85f01e62
-  data.tar.gz: de0d305d512d646f43e581b5116c2f316eaa2b9ddb0426f1b12522a668e2a7c811a5e9d6aee82e82fadb534b5e1a5cacca303701a7f7d1791de188d73b55740c
+  metadata.gz: 91f6cba011c909de21f7c391dbfc5b18a30b7ef9cf81d9f43842452fa021484f55623034be386af6242e9a1a82efa9ef9436d8b5c17248bf0b9384587fecb50b
+  data.tar.gz: e72e91fa8c3dd85df64b806dd3e6cb2b4d2460b33cb7d3c241bc64e8557adbccff9e3071fd18fab676ffdcd2a8c7f375512f85919e6ba10601021d127097bef0

data/app/controllers/scimitar/application_controller.rb

@@ -99,10 +99,10 @@ module Scimitar
       def require_scim
         scim_mime_type = Mime::Type.lookup_by_extension(:scim).to_s
 
-        if request.content_type.nil?
+        if request.media_type.nil? || request.media_type.empty?
           request.format = :scim
           request.headers['CONTENT_TYPE'] = scim_mime_type
-        elsif request.content_type&.downcase == scim_mime_type
+        elsif request.media_type.downcase == scim_mime_type
           request.format = :scim
         elsif request.format == :scim
           request.headers['CONTENT_TYPE'] = scim_mime_type

data/app/models/scimitar/engine_configuration.rb

@@ -7,13 +7,17 @@ module Scimitar
   class EngineConfiguration
     include ActiveModel::Model
 
-    attr_accessor :basic_authenticator,
-                  :token_authenticator,
-                  :application_controller_mixin,
-                  :exception_reporter,
-                  :optional_value_fields_required
+    attr_accessor(
+      :uses_defaults,
+      :basic_authenticator,
+      :token_authenticator,
+      :application_controller_mixin,
+      :exception_reporter,
+      :optional_value_fields_required,
+    )
 
     def initialize(attributes = {})
+      @uses_defaults = attributes.empty?
 
       # Set defaults that may be overridden by the initializer.
       #

data/app/models/scimitar/resources/mixin.rb

@@ -443,9 +443,30 @@ module Scimitar
               ci_scim_hash = { 'root' => ci_scim_hash }.with_indifferent_case_insensitive_access()
             end
 
+            # Handle extension schema. Contributed by @bettysteger and
+            # @MorrisFreeman via:
+            #
+            #   https://github.com/RIPAGlobal/scimitar/issues/48
+            #   https://github.com/RIPAGlobal/scimitar/pull/49
+            #
+            # Note the ":" separating the schema ID (URN) from the attribute.
+            # The nature of JSON rendering / other payloads might lead you to
+            # expect a "." as with any complex types, but that's not the case;
+            # see https://tools.ietf.org/html/rfc7644#section-3.10, or
+            # https://tools.ietf.org/html/rfc7644#section-3.5.2 of which in
+            # particular, https://tools.ietf.org/html/rfc7644#page-35.
+            #
+            paths = []
+            self.class.scim_resource_type.extended_schemas.each do |schema|
+              path_str.downcase.split(schema.id.downcase + ':').drop(1).each do |path|
+                paths += [schema.id] + path.split('.')
+              end
+            end
+            paths = path_str.split('.') if paths.empty?
+
             self.from_patch_backend!(
               nature:        nature,
-              path:          (path_str || '').split('.'),
+              path:          paths,
               value:         value,
               altering_hash: ci_scim_hash
             )
@@ -616,7 +637,19 @@ module Scimitar
                 attrs_map_or_leaf_value.each do | scim_attribute, sub_attrs_map_or_leaf_value |
                   next if scim_attribute&.to_s&.downcase == 'id' && path.empty?
 
-                  sub_scim_hash_or_leaf_value = scim_hash_or_leaf_value&.dig(scim_attribute.to_s)
+                  # Handle extension schema. Contributed by @bettysteger and
+                  # @MorrisFreeman via:
+                  #
+                  #   https://github.com/RIPAGlobal/scimitar/issues/48
+                  #   https://github.com/RIPAGlobal/scimitar/pull/49
+                  #
+                  attribute_tree = []
+                  resource_class.extended_schemas.each do |schema|
+                    attribute_tree << schema.id and break if schema.scim_attributes.any? { |attribute| attribute.name == scim_attribute.to_s }
+                  end
+                  attribute_tree << scim_attribute.to_s
+
+                  sub_scim_hash_or_leaf_value = scim_hash_or_leaf_value&.dig(*attribute_tree)
 
                   self.from_scim_backend!(
                     attrs_map_or_leaf_value: sub_attrs_map_or_leaf_value,
@@ -914,7 +947,7 @@ module Scimitar
                 # which would imply "payload removes all users", there is the
                 # clear intent to remove just one.
                 #
-                # https://www.rfc-editor.org/rfc/rfc7644#section-3.5.2.2
+                # https://tools.ietf.org/html/rfc7644#section-3.5.2.2
                 # https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#update-group-remove-members
                 #
                 # Since remove-all in the face of remove-one is destructive, we

data/app/models/scimitar/service_provider_configuration.rb

@@ -9,11 +9,22 @@ module Scimitar
   class ServiceProviderConfiguration
     include ActiveModel::Model
 
-    attr_accessor :patch, :bulk, :filter, :changePassword,
-      :sort, :etag, :authenticationSchemes,
-      :schemas, :meta
+    attr_accessor(
+      :uses_defaults,
+      :patch,
+      :bulk,
+      :filter,
+      :changePassword,
+      :sort,
+      :etag,
+      :authenticationSchemes,
+      :schemas,
+      :meta,
+    )
 
     def initialize(attributes = {})
+      @uses_defaults = attributes.empty?
+
       defaults = {
         bulk:           Supportable.unsupported,
         changePassword: Supportable.unsupported,

data/config/initializers/scimitar.rb

@@ -2,101 +2,105 @@
 #
 # For supporting information and rationale, please see README.md.
 
-# =============================================================================
-# SERVICE PROVIDER CONFIGURATION
-# =============================================================================
-#
-# This is a Ruby abstraction over a SCIM entity that declares the capabilities
-# supported by a particular implementation.
-#
-# Typically this is used to declare parts of the standard unsupported, if you
-# don't need them and don't want to provide subclass support.
-#
-Scimitar.service_provider_configuration = Scimitar::ServiceProviderConfiguration.new({
+Rails.application.config.to_prepare do # (required for >= Rails 7 / Zeitwerk)
 
-  # See https://tools.ietf.org/html/rfc7643#section-8.5 for properties.
+  # ===========================================================================
+  # SERVICE PROVIDER CONFIGURATION
+  # ===========================================================================
   #
-  # See Gem source file 'app/models/scimitar/service_provider_configuration.rb'
-  # for defaults. Define Hash keys here that override defaults; e.g. to declare
-  # that filters are not supported so that calling clients shouldn't use them:
+  # This is a Ruby abstraction over a SCIM entity that declares the
+  # capabilities supported by a particular implementation.
   #
-  #   filter: Scimitar::Supported.unsupported
+  # Typically this is used to declare parts of the standard unsupported, if you
+  # don't need them and don't want to provide subclass support.
+  #
+  Scimitar.service_provider_configuration = Scimitar::ServiceProviderConfiguration.new({
 
-})
+    # See https://tools.ietf.org/html/rfc7643#section-8.5 for properties.
+    #
+    # See Gem file 'app/models/scimitar/service_provider_configuration.rb'
+    # for defaults. Define Hash keys here that override defaults; e.g. to
+    # declare that filters are not supported so that calling clients shouldn't
+    # use them:
+    #
+    #   filter: Scimitar::Supported.unsupported
 
-# =============================================================================
-# ENGINE CONFIGURATION
-# =============================================================================
-#
-# This is where you provide callbacks for things like authorisation or mixins
-# that get included into all Scimitar-derived controllers (for things like
-# before-actions that apply to all Scimitar controller-based routes).
-#
-Scimitar.engine_configuration = Scimitar::EngineConfiguration.new({
+  })
 
-  # If you have filters you want to run for any Scimitar action/route, you can
-  # define them here. For example, you might use a before-action to set up some
-  # multi-tenancy related state, or skip Rails CSRF token verification/
-  #
-  # For example:
-  #
-  #     application_controller_mixin: Module.new do
-  #       def self.included(base)
-  #         base.class_eval do
+  # ===========================================================================
+  # ENGINE CONFIGURATION
+  # ===========================================================================
   #
-  #           # Anything here is written just as you'd write it at the top of
-  #           # one of your controller classes, but it gets included in all
-  #           # Scimitar classes too.
+  # This is where you provide callbacks for things like authorisation or mixins
+  # that get included into all Scimitar-derived controllers (for things like
+  # before-actions that apply to all Scimitar controller-based routes).
   #
-  #           skip_before_action    :verify_authenticity_token
-  #           prepend_before_action :setup_some_kind_of_multi_tenancy_data
-  #         end
-  #       end
-  #     end, # ...other configuration entries might follow...
+  Scimitar.engine_configuration = Scimitar::EngineConfiguration.new({
 
-  # If you want to support username/password authentication:
-  #
-  #     basic_authenticator: Proc.new do | username, password |
-  #       # Check username/password and return 'true' if valid, else 'false'.
-  #     end, # ...other configuration entries might follow...
-  #
-  # The 'username' and 'password' parameters come from Rails:
-  #
-  #   https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Basic.html
-  #   https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Basic/ControllerMethods.html#method-i-authenticate_with_http_basic
+    # If you have filters you want to run for any Scimitar action/route, you
+    # can define them here. For example, you might use a before-action to set
+    # up some multi-tenancy related state, or skip Rails CSRF token
+    # verification. For example:
+    #
+    #     application_controller_mixin: Module.new do
+    #       def self.included(base)
+    #         base.class_eval do
+    #
+    #           # Anything here is written just as you'd write it at the top of
+    #           # one of your controller classes, but it gets included in all
+    #           # Scimitar classes too.
+    #
+    #           skip_before_action    :verify_authenticity_token
+    #           prepend_before_action :setup_some_kind_of_multi_tenancy_data
+    #         end
+    #       end
+    #     end, # ...other configuration entries might follow...
 
-  # If you want to support HTTP bearer token (OAuth-style) authentication:
-  #
-  #     token_authenticator: Proc.new do | token, options |
-  #       # Check token and return 'true' if valid, else 'false'.
-  #     end, # ...other configuration entries might follow...
-  #
-  # The 'token' and 'options' parameters come from Rails:
-  #
-  #   https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html
-  #   https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token/ControllerMethods.html#method-i-authenticate_with_http_token
-  #
-  # Note that both basic and token authentication can be declared, with the
-  # parameters in the inbound HTTP request determining which is invoked.
+    # If you want to support username/password authentication:
+    #
+    #     basic_authenticator: Proc.new do | username, password |
+    #       # Check username/password and return 'true' if valid, else 'false'.
+    #     end, # ...other configuration entries might follow...
+    #
+    # The 'username' and 'password' parameters come from Rails:
+    #
+    #   https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Basic.html
+    #   https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Basic/ControllerMethods.html#method-i-authenticate_with_http_basic
 
-  # Scimitar rescues certain error cases and exceptions, in order to return a
-  # JSON response to the API caller. If you want exceptions to also be
-  # reported to a third party system such as sentry.io or raygun.com, you can
-  # configure a Proc to do so. It is passed a Ruby exception subclass object.
-  # For example, a minimal sentry.io reporter might do this:
-  #
-  #     exception_reporter: Proc.new do | exception |
-  #       Sentry.capture_exception(exception)
-  #     end
-  #
-  # You will still need to configure your reporting system according to its
-  # documentation (e.g. via a Rails "config/initializers/<foo>.rb" file).
+    # If you want to support HTTP bearer token (OAuth-style) authentication:
+    #
+    #     token_authenticator: Proc.new do | token, options |
+    #       # Check token and return 'true' if valid, else 'false'.
+    #     end, # ...other configuration entries might follow...
+    #
+    # The 'token' and 'options' parameters come from Rails:
+    #
+    #   https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html
+    #   https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token/ControllerMethods.html#method-i-authenticate_with_http_token
+    #
+    # Note that both basic and token authentication can be declared, with the
+    # parameters in the inbound HTTP request determining which is invoked.
 
-  # Scimilar treats "VDTP" (Value, Display, Type, Primary) attribute values,
-  # used for e.g. e-mail addresses or phone numbers, as required by default.
-  # If you encounter a service which calls these with e.g. "null" value data,
-  # you can configure all values to be optional. You'll need to deal with
-  # whatever that means for you receiving system in your model code.
-  #
-  #     optional_value_fields_required: false
-})
+    # Scimitar rescues certain error cases and exceptions, in order to return a
+    # JSON response to the API caller. If you want exceptions to also be
+    # reported to a third party system such as sentry.io or raygun.com, you can
+    # configure a Proc to do so. It is passed a Ruby exception subclass object.
+    # For example, a minimal sentry.io reporter might do this:
+    #
+    #     exception_reporter: Proc.new do | exception |
+    #       Sentry.capture_exception(exception)
+    #     end
+    #
+    # You will still need to configure your reporting system according to its
+    # documentation (e.g. via a Rails "config/initializers/<foo>.rb" file).
+
+    # Scimilar treats "VDTP" (Value, Display, Type, Primary) attribute values,
+    # used for e.g. e-mail addresses or phone numbers, as required by default.
+    # If you encounter a service which calls these with e.g. "null" value data,
+    # you can configure all values to be optional. You'll need to deal with
+    # whatever that means for you receiving system in your model code.
+    #
+    #     optional_value_fields_required: false
+  })
+
+end

data/lib/scimitar/version.rb

@@ -3,11 +3,11 @@ module Scimitar
   # Gem version. If this changes, be sure to re-run "bundle install" or
   # "bundle update".
   #
-  VERSION = '1.5.0'
+  VERSION = '1.5.3'
 
   # Date for VERSION. If this changes, be sure to re-run "bundle install"
   # or "bundle update".
   #
-  DATE = '2023-01-27'
+  DATE = '2023-09-16'
 
 end

data/lib/scimitar.rb

@@ -4,7 +4,9 @@ require 'scimitar/engine'
 
 module Scimitar
   def self.service_provider_configuration=(custom_configuration)
-    @service_provider_configuration = custom_configuration
+    if @service_provider_configuration.nil? || ! custom_configuration.uses_defaults
+      @service_provider_configuration = custom_configuration
+    end
   end
 
   def self.service_provider_configuration(location:)
@@ -14,11 +16,25 @@ module Scimitar
   end
 
   def self.engine_configuration=(custom_configuration)
-    @engine_configuration = custom_configuration
+    if @engine_configuration.nil? || ! custom_configuration.uses_defaults
+      @engine_configuration = custom_configuration
+    end
   end
 
   def self.engine_configuration
     @engine_configuration ||= EngineConfiguration.new
     @engine_configuration
   end
+
+  # Set in a "Rails.application.config.to_prepare" block by Scimitar itself to
+  # establish default values. Older Scimitar client applications might not use
+  # that wrapper; we don't want to overwrite settings they configured, but we
+  # *do* want to let them overwrite the defaults. Thus, '||=" is used here but
+  # not in ::service_provider_configuration=.
+  #
+  # Client applications should not call this method themselves.
+  #
+  def self.default_service_provider_configuration(default_configuration)
+    @service_provider_configuration ||= custom_configuration
+  end
 end

data/spec/apps/dummy/app/models/mock_user.rb

@@ -13,6 +13,8 @@ class MockUser < ActiveRecord::Base
     work_email_address
     home_email_address
     work_phone_number
+    organization
+    department
   }
 
   has_and_belongs_to_many :mock_groups
@@ -82,7 +84,13 @@ class MockUser < ActiveRecord::Base
           }
         }
       ],
-      active: :is_active
+      active: :is_active,
+
+      # Custom extension schema - see configuration in
+      # "spec/apps/dummy/config/initializers/scimitar.rb".
+      #
+      organization: :organization,
+      department:   :department
     }
   end
 

data/spec/apps/dummy/config/initializers/scimitar.rb

@@ -1,5 +1,22 @@
 # Test app configuration.
 #
+# Note that as a result of https://github.com/RIPAGlobal/scimitar/issues/48,
+# tests include a custom extension of the core User schema. A shortcoming of
+# some of the code from which Scimitar was originally built is that those
+# extensions are done with class-level ivars, so it is largely impossible (or
+# at least, impractical in tests) to avoid polluting the core class itself
+# with the extension.
+#
+# All related schema tests are written with this in mind.
+#
+# Further, https://github.com/RIPAGlobal/scimitar/pull/54 fixed warning
+# messages in a way that worked on Rails 6+ but, for V1 Scimitar, it would
+# break existing working setups that didn't use the +to_prepare+ wrapper. Their
+# application configuration would be written *first* but then *overwritten* by
+# the default +to_prepare+ block in Scimitar itself, since that runs later. The
+# file below does *not* use +to_prepare+ in order to test the workaround that
+# was produced; it should work on all Ruby versions as-is.
+#
 Scimitar.engine_configuration = Scimitar::EngineConfiguration.new({
 
   application_controller_mixin: Module.new do
@@ -12,3 +29,31 @@ Scimitar.engine_configuration = Scimitar::EngineConfiguration.new({
   end
 
 })
+
+module ScimSchemaExtensions
+  module User
+    class Enterprise < Scimitar::Schema::Base
+      def initialize(options = {})
+        super(
+          name:            'ExtendedUser',
+          description:     'Enterprise extension for a User',
+          id:              self.class.id,
+          scim_attributes: self.class.scim_attributes
+        )
+      end
+
+      def self.id
+        'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'
+      end
+
+      def self.scim_attributes
+        [
+          Scimitar::Schema::Attribute.new(name: 'organization', type: 'string'),
+          Scimitar::Schema::Attribute.new(name: 'department',   type: 'string')
+        ]
+      end
+    end
+  end
+end
+
+Scimitar::Resources::User.extend_schema ScimSchemaExtensions::User::Enterprise

data/spec/apps/dummy/db/migrate/20210304014602_create_mock_users.rb

@@ -3,6 +3,8 @@ class CreateMockUsers < ActiveRecord::Migration[6.1]
     create_table :mock_users, id: :uuid, primary_key: :primary_key do |t|
       t.timestamps
 
+      # Support part of the core schema
+      #
       t.text :scim_uid
       t.text :username
       t.text :first_name
@@ -10,6 +12,12 @@ class CreateMockUsers < ActiveRecord::Migration[6.1]
       t.text :work_email_address
       t.text :home_email_address
       t.text :work_phone_number
+
+      # Support the custom extension schema - see configuration in
+      # "spec/apps/dummy/config/initializers/scimitar.rb".
+      #
+      t.text :organization
+      t.text :department
     end
   end
 end

data/spec/apps/dummy/db/schema.rb

@@ -39,6 +39,8 @@ ActiveRecord::Schema.define(version: 2021_03_08_044214) do
     t.text "work_email_address"
     t.text "home_email_address"
     t.text "work_phone_number"
+    t.text "organization"
+    t.text "department"
   end
 
   add_foreign_key "mock_groups_users", "mock_groups"

data/spec/controllers/scimitar/schemas_controller_spec.rb

@@ -14,9 +14,9 @@ RSpec.describe Scimitar::SchemasController do
       get :index, params: { format: :scim }
       expect(response).to be_ok
       parsed_body = JSON.parse(response.body)
-      expect(parsed_body.length).to eql(2)
+      expect(parsed_body.length).to eql(3)
       schema_names = parsed_body.map {|schema| schema['name']}
-      expect(schema_names).to match_array(['User', 'Group'])
+      expect(schema_names).to match_array(['User', 'ExtendedUser', 'Group'])
     end
 
     it 'returns only the User schema when its id is provided' do

data/spec/models/scimitar/resources/base_spec.rb

@@ -250,90 +250,185 @@ RSpec.describe Scimitar::Resources::Base do
   end # "context 'dynamic setters based on schema' do"
 
   context 'schema extension' do
-    ThirdCustomSchema = Class.new(Scimitar::Schema::Base) do
-      def self.id
-        'custom-id'
-      end
+    context 'of custom schema' do
+      ThirdCustomSchema = Class.new(Scimitar::Schema::Base) do
+        def self.id
+          'custom-id'
+        end
 
-      def self.scim_attributes
-        [ Scimitar::Schema::Attribute.new(name: 'name', type: 'string') ]
+        def self.scim_attributes
+          [ Scimitar::Schema::Attribute.new(name: 'name', type: 'string') ]
+        end
       end
-    end
 
-    ExtensionSchema = Class.new(Scimitar::Schema::Base) do
-      def self.id
-        'extension-id'
-      end
+      ExtensionSchema = Class.new(Scimitar::Schema::Base) do
+        def self.id
+          'extension-id'
+        end
 
-      def self.scim_attributes
-        [ Scimitar::Schema::Attribute.new(name: 'relationship', type: 'string', required: true) ]
+        def self.scim_attributes
+          [ Scimitar::Schema::Attribute.new(name: 'relationship', type: 'string', required: true) ]
+        end
       end
-    end
 
-    let(:resource_class) {
-      Class.new(Scimitar::Resources::Base) do
-        set_schema ThirdCustomSchema
-        extend_schema ExtensionSchema
+      let(:resource_class) {
+        Class.new(Scimitar::Resources::Base) do
+          set_schema ThirdCustomSchema
+          extend_schema ExtensionSchema
 
-        def self.endpoint
-          '/gaga'
+          def self.endpoint
+            '/gaga'
+          end
+
+          def self.resource_type_id
+            'CustomResource'
+          end
         end
+      }
 
-        def self.resource_type_id
-          'CustomResource'
+      context '#initialize' do
+        it 'allows setting extension attributes' do
+          resource = resource_class.new('extension-id' => {relationship: 'GAGA'})
+          expect(resource.relationship).to eql('GAGA')
         end
-      end
-    }
+      end # "context '#initialize' do"
+
+      context '#as_json' do
+        it 'namespaces the extension attributes' do
+          resource = resource_class.new(relationship: 'GAGA')
+          hash = resource.as_json
+          expect(hash["schemas"]).to eql(['custom-id', 'extension-id'])
+          expect(hash["extension-id"]).to eql("relationship" => 'GAGA')
+        end
+      end # "context '#as_json' do"
 
-    context '#initialize' do
-      it 'allows setting extension attributes' do
-        resource = resource_class.new('extension-id' => {relationship: 'GAGA'})
-        expect(resource.relationship).to eql('GAGA')
-      end
-    end # "context '#initialize' do"
+      context '.resource_type' do
+        it 'appends the extension schemas' do
+          resource_type = resource_class.resource_type('http://gaga')
+          expect(resource_type.meta.location).to eql('http://gaga')
+          expect(resource_type.schemaExtensions.count).to eql(1)
+        end
 
-    context '#as_json' do
-      it 'namespaces the extension attributes' do
-        resource = resource_class.new(relationship: 'GAGA')
-        hash = resource.as_json
-        expect(hash["schemas"]).to eql(['custom-id', 'extension-id'])
-        expect(hash["extension-id"]).to eql("relationship" => 'GAGA')
-      end
-    end # "context '#as_json' do"
+        context 'validation' do
+          it 'validates into custom schema' do
+            resource = resource_class.new('extension-id' => {})
+            expect(resource.valid?).to eql(false)
 
-    context '.resource_type' do
-      it 'appends the extension schemas' do
-        resource_type = resource_class.resource_type('http://gaga')
-        expect(resource_type.meta.location).to eql('http://gaga')
-        expect(resource_type.schemaExtensions.count).to eql(1)
-      end
+            resource = resource_class.new('extension-id' => {relationship: 'GAGA'})
+            expect(resource.relationship).to eql('GAGA')
+            expect(resource.valid?).to eql(true)
+          end
+        end # context 'validation'
+      end # "context '.resource_type' do"
 
-      context 'validation' do
-        it 'validates into custom schema' do
-          resource = resource_class.new('extension-id' => {})
-          expect(resource.valid?).to eql(false)
+      context '.find_attribute' do
+        it 'finds in first schema' do
+          found = resource_class().find_attribute('name') # Defined in ThirdCustomSchema
+          expect(found).to be_present
+          expect(found.name).to eql('name')
+          expect(found.type).to eql('string')
+        end
 
-          resource = resource_class.new('extension-id' => {relationship: 'GAGA'})
-          expect(resource.relationship).to eql('GAGA')
-          expect(resource.valid?).to eql(true)
+        it 'finds across schemas' do
+          found = resource_class().find_attribute('relationship') # Defined in ExtensionSchema
+          expect(found).to be_present
+          expect(found.name).to eql('relationship')
+          expect(found.type).to eql('string')
         end
-      end # context 'validation'
-    end # "context '.resource_type' do"
+      end # "context '.find_attribute' do"
+    end # "context 'of custom schema' do"
 
-    context '.find_attribute' do
-      it 'finds in first schema' do
-        found = resource_class().find_attribute('name') # Defined in ThirdCustomSchema
-        expect(found).to be_present
-        expect(found.name).to eql('name')
-        expect(found.type).to eql('string')
-      end
+    context 'of core schema' do
+      EnterpriseExtensionSchema = Class.new(Scimitar::Schema::Base) do
+        def self.id
+          'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'
+        end
 
-      it 'finds across schemas' do
-        found = resource_class().find_attribute('relationship') # Defined in ExtensionSchema
-        expect(found).to be_present
-        expect(found.name).to eql('relationship')
-        expect(found.type).to eql('string')
+        def self.scim_attributes
+          [
+            Scimitar::Schema::Attribute.new(name: 'organization', type: 'string'),
+            Scimitar::Schema::Attribute.new(name: 'department',   type: 'string')
+          ]
+        end
       end
-    end # "context '.find_attribute' do"
+
+      let(:resource_class) {
+        Class.new(Scimitar::Resources::Base) do
+          set_schema Scimitar::Schema::User
+          extend_schema EnterpriseExtensionSchema
+
+          def self.endpoint
+            '/Users'
+          end
+
+          def self.resource_type_id
+            'User'
+          end
+        end
+      }
+
+      context '#initialize' do
+        it 'allows setting extension attributes' do
+          resource = resource_class.new('urn:ietf:params:scim:schemas:extension:enterprise:2.0:User' => {organization: 'SOMEORG', department: 'SOMEDPT'})
+
+          expect(resource.organization).to eql('SOMEORG')
+          expect(resource.department  ).to eql('SOMEDPT')
+        end
+      end # "context '#initialize' do"
+
+      context '#as_json' do
+        it 'namespaces the extension attributes' do
+          resource = resource_class.new(organization: 'SOMEORG', department: 'SOMEDPT')
+          hash = resource.as_json
+
+          expect(hash['schemas']).to eql(['urn:ietf:params:scim:schemas:core:2.0:User', 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'])
+          expect(hash['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']).to eql('organization' => 'SOMEORG', 'department' => 'SOMEDPT')
+        end
+      end # "context '#as_json' do"
+
+      context '.resource_type' do
+        it 'appends the extension schemas' do
+          resource_type = resource_class.resource_type('http://example.com')
+          expect(resource_type.meta.location).to eql('http://example.com')
+          expect(resource_type.schemaExtensions.count).to eql(1)
+        end
+
+        context 'validation' do
+          it 'validates into custom schema' do
+            resource = resource_class.new('urn:ietf:params:scim:schemas:extension:enterprise:2.0:User' => {})
+            expect(resource.valid?).to eql(false)
+
+            resource = resource_class.new(
+              'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User' => {
+                userName:     'SOMEUSR',
+                organization: 'SOMEORG',
+                department:   'SOMEDPT'
+              }
+            )
+
+            expect(resource.organization).to eql('SOMEORG')
+            expect(resource.department  ).to eql('SOMEDPT')
+            expect(resource.valid?      ).to eql(true)
+          end
+        end # context 'validation'
+      end # "context '.resource_type' do"
+
+      context '.find_attribute' do
+        it 'finds in first schema' do
+          found = resource_class().find_attribute('userName') # Defined in Scimitar::Schema::User
+
+          expect(found).to be_present
+          expect(found.name).to eql('userName')
+          expect(found.type).to eql('string')
+        end
+
+        it 'finds across schemas' do
+          found = resource_class().find_attribute('organization') # Defined in EnterpriseExtensionSchema
+          expect(found).to be_present
+          expect(found.name).to eql('organization')
+          expect(found.type).to eql('string')
+        end
+      end # "context '.find_attribute' do"
+    end # "context 'of core schema' do"
   end # "context 'schema extension' do"
 end

data/spec/models/scimitar/resources/mixin_spec.rb

@@ -172,6 +172,7 @@ RSpec.describe Scimitar::Resources::Mixin do
           instance.work_email_address = 'foo.bar@test.com'
           instance.home_email_address = nil
           instance.work_phone_number  = '+642201234567'
+          instance.organization       = 'SOMEORG'
 
           g1 = MockGroup.create!(display_name: 'Group 1')
           g2 = MockGroup.create!(display_name: 'Group 2')
@@ -194,7 +195,12 @@ RSpec.describe Scimitar::Resources::Mixin do
             'externalId'  => 'AA02984',
             'groups'      => [{'display'=>g1.display_name, 'value'=>g1.id.to_s}, {'display'=>g3.display_name, 'value'=>g3.id.to_s}],
             'meta'        => {'location'=>"https://test.com/mock_users/#{uuid}", 'resourceType'=>'User'},
-            'schemas'     => ['urn:ietf:params:scim:schemas:core:2.0:User']
+            'schemas'     => ['urn:ietf:params:scim:schemas:core:2.0:User', 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'],
+
+            'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User' => {
+              'organization' => 'SOMEORG',
+              'department'   => nil
+            }
           })
         end
       end # "context 'with a UUID, renamed primary key column' do"
@@ -318,7 +324,9 @@ RSpec.describe Scimitar::Resources::Mixin do
               ],
 
               'meta'    => {'location'=>'https://test.com/static_map_test', 'resourceType'=>'User'},
-              'schemas' => ['urn:ietf:params:scim:schemas:core:2.0:User']
+              'schemas' => ['urn:ietf:params:scim:schemas:core:2.0:User', 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'],
+
+              'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User' => {}
             })
           end
         end # "context 'using static mappings' do"
@@ -345,7 +353,9 @@ RSpec.describe Scimitar::Resources::Mixin do
               ],
 
               'meta'    => {'location'=>'https://test.com/dynamic_map_test', 'resourceType'=>'User'},
-              'schemas' => ['urn:ietf:params:scim:schemas:core:2.0:User']
+              'schemas' => ['urn:ietf:params:scim:schemas:core:2.0:User', 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'],
+
+              'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User' => {}
             })
           end
         end # "context 'using dynamic lists' do"
@@ -402,7 +412,12 @@ RSpec.describe Scimitar::Resources::Mixin do
               'id'           => '42', # Note, String
               'externalId'   => 'AA02984',
               'meta'         => {'location' => 'https://test.com/mock_users/42', 'resourceType' => 'User'},
-              'schemas'      => ['urn:ietf:params:scim:schemas:core:2.0:User']
+              'schemas'      => ['urn:ietf:params:scim:schemas:core:2.0:User', 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'],
+
+              'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User' => {
+                'organization' => 'SOMEORG',
+                'DEPARTMENT'   => 'SOMEDPT'
+              }
             }
 
             hash = spec_helper_hupcase(hash) if force_upper_case
@@ -418,6 +433,8 @@ RSpec.describe Scimitar::Resources::Mixin do
             expect(instance.work_email_address).to eql('foo.bar@test.com')
             expect(instance.home_email_address).to be_nil
             expect(instance.work_phone_number ).to eql('+642201234567')
+            expect(instance.organization      ).to eql('SOMEORG')
+            expect(instance.department        ).to eql('SOMEDPT')
           end
 
           it 'honouring read-write lists' do
@@ -704,6 +721,21 @@ RSpec.describe Scimitar::Resources::Mixin do
                 expect(scim_hash['name']['familyName']).to eql('Bar')
               end
 
+              it 'with schema extensions: overwrites' do
+                path      = [ 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User', 'organization' ]
+                scim_hash = { 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User' => { 'organization' => 'SOMEORG' } }.with_indifferent_case_insensitive_access()
+
+                @instance.send(
+                  :from_patch_backend!,
+                  nature:        'add',
+                  path:          path,
+                  value:         'OTHERORG',
+                  altering_hash: scim_hash
+                )
+
+                expect(scim_hash['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']['organization' ]).to eql('OTHERORG')
+              end
+
               # For 'add', filter at end-of-path is nonsensical and not
               # supported by spec or Scimitar; we only test mid-path filters.
               #
@@ -892,6 +924,21 @@ RSpec.describe Scimitar::Resources::Mixin do
                 expect(scim_hash['name']['givenName']).to eql('Baz')
               end
 
+              it 'with schema extensions: adds' do
+                path      = [ 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User', 'organization' ]
+                scim_hash = {}.with_indifferent_case_insensitive_access()
+
+                @instance.send(
+                  :from_patch_backend!,
+                  nature:        'add',
+                  path:          path,
+                  value:         'SOMEORG',
+                  altering_hash: scim_hash
+                )
+
+                expect(scim_hash['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']['organization' ]).to eql('SOMEORG')
+              end
+
               context 'with filter mid-path: adds' do
                 it 'by string match' do
                   path      = [ 'emails[type eq "work"]', 'value' ]
@@ -1233,7 +1280,7 @@ RSpec.describe Scimitar::Resources::Mixin do
 
               # What we expect:
               #
-              # https://www.rfc-editor.org/rfc/rfc7644#section-3.5.2.2
+              # https://tools.ietf.org/html/rfc7644#section-3.5.2.2
               # https://docs.snowflake.com/en/user-guide/scim-intro.html#patch-scim-v2-groups-id
               #
               # ...vs accounting for the unusual payloads we sometimes get,
@@ -2680,6 +2727,38 @@ RSpec.describe Scimitar::Resources::Mixin do
             expect(@instance.first_name).to eql('Baz')
           end
 
+          # Note odd ":" separating schema ID from first attribute, although
+          # the nature of JSON rendering / other payloads might lead you to
+          # expect a "." as with any other path component.
+          #
+          # Note the ":" separating the schema ID (URN) from the attribute.
+          # The nature of JSON rendering / other payloads might lead you to
+          # expect a "." as with any complex types, but that's not the case;
+          # see https://tools.ietf.org/html/rfc7644#section-3.10, or
+          # https://tools.ietf.org/html/rfc7644#section-3.5.2 of which in
+          # particular, https://tools.ietf.org/html/rfc7644#page-35.
+          #
+          it 'which updates attributes defined by extension schema' do
+            @instance.update!(department: 'SOMEDPT')
+
+            path = 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department'
+            path = path.upcase if force_upper_case
+
+            patch = {
+              'schemas'    => ['urn:ietf:params:scim:api:messages:2.0:PatchOp'],
+              'Operations' => [
+                {
+                  'op'    => 'replace',
+                  'path'  => path,
+                  'value' => 'OTHERDPT'
+                }
+              ]
+            }
+
+            @instance.from_scim_patch!(patch_hash: patch)
+            expect(@instance.department).to eql('OTHERDPT')
+          end
+
           it 'which updates with filter match' do
             @instance.update!(work_email_address: 'work@test.com', home_email_address: 'home@test.com')
 

data/spec/requests/active_record_backed_resources_controller_spec.rb

@@ -762,7 +762,7 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         end
       end
 
-      # https://www.rfc-editor.org/rfc/rfc7644#section-3.5.2.2
+      # https://tools.ietf.org/html/rfc7644#section-3.5.2.2
       #
       context 'and using an RFC-compliant payload' do
         let(:removed_user) { @u2 }

data/spec/requests/application_controller_spec.rb

@@ -39,6 +39,16 @@ RSpec.describe Scimitar::ApplicationController do
       expect(parsed_body['request']['content_type']).to eql('application/scim+json')
     end
 
+    it 'translates Content-Type with charset to Rails request format' do
+      get '/CustomRequestVerifiers', headers: { 'CONTENT_TYPE' => 'application/scim+json; charset=utf-8' }
+
+      expect(response).to have_http_status(:ok)
+      parsed_body = JSON.parse(response.body)
+      expect(parsed_body['request']['is_scim'     ]).to eql(true)
+      expect(parsed_body['request']['format'      ]).to eql('application/scim+json')
+      expect(parsed_body['request']['content_type']).to eql('application/scim+json; charset=utf-8')
+    end
+
     it 'translates Rails request format to header' do
       get '/CustomRequestVerifiers', params: { format: :scim }
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: scimitar
 version: !ruby/object:Gem::Version
-  version: 1.5.0
+  version: 1.5.3
 platform: ruby
 authors:
 - RIPA Global
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-01-27 00:00:00.000000000 Z
+date: 2023-09-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails