scimitar 1.7.1 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7e45655762e444503f3ee367b077dce8b2699752d17e0b49e8b73acd1303e8d1
-  data.tar.gz: f1a45bbc7655e1050251aed693d9c7e7c4df9f6a8d26c9f1cde6dba9cf2bc18a
+  metadata.gz: 95a2166cc921a400959f9d8d4398f6bf8ecb772f8d7a0a0a73950892e85d808a
+  data.tar.gz: cdf5aab3812f10f69c96304e738a150f4208850267527b66d36eeb99548d7b1f
 SHA512:
-  metadata.gz: 12f7e2e62278accd66eb1c98ca51041eea8a808dbbb6e2f2dd887acbfce2ffbcdb173566b9af3152bbd9d9aa9df629eb6689d5a28ee33aae776502135581672f
-  data.tar.gz: d282d93b1154cce8e3d868e8e50f3de35be2af9d0c681862da1495436cb5430443576c2dbae1c5296d964ca61193fb30769da11ece3bd72238c0ad121bbee5d2
+  metadata.gz: f0925517599b107e44fd93db9be142aebe608892c2c5069c50d22b353c51238290710474b062a002fdb010be3d783c4dea3b314f72f47b4aca3c2385a8fc1377
+  data.tar.gz: eef6eebfc64bb2d4adabfca110f26e3a6c9e227f47387da6fb384925899ddf0ae260cf68176f24040a6bb356cf34f6576c920bd44264d4a1fee415aeadc237e6

data/app/controllers/scimitar/active_record_backed_resources_controller.rb

@@ -21,8 +21,6 @@ module Scimitar
 
     rescue_from ActiveRecord::RecordNotFound, with: :handle_resource_not_found # See Scimitar::ApplicationController
 
-    before_action :obtain_id_column_name_from_attribute_map
-
     # GET (list)
     #
     def index
@@ -39,13 +37,12 @@ module Scimitar
       pagination_info = scim_pagination_info(query.count())
 
       page_of_results = query
-        .order(@id_column => :asc)
         .offset(pagination_info.offset)
         .limit(pagination_info.limit)
         .to_a()
 
       super(pagination_info, page_of_results) do | record |
-        record_to_scim(record)
+        record.to_scim(location: url_for(action: :show, id: record.id))
       end
     end
 
@@ -54,7 +51,7 @@ module Scimitar
     def show
       super do |record_id|
         record = self.find_record(record_id)
-        record_to_scim(record)
+        record.to_scim(location: url_for(action: :show, id: record_id))
       end
     end
 
@@ -66,7 +63,7 @@ module Scimitar
           record = self.storage_class().new
           record.from_scim!(scim_hash: scim_resource.as_json())
           self.save!(record)
-          record_to_scim(record)
+          record.to_scim(location: url_for(action: :show, id: record.id))
         end
       end
     end
@@ -79,7 +76,7 @@ module Scimitar
           record = self.find_record(record_id)
           record.from_scim!(scim_hash: scim_resource.as_json())
           self.save!(record)
-          record_to_scim(record)
+          record.to_scim(location: url_for(action: :show, id: record.id))
         end
       end
     end
@@ -92,7 +89,7 @@ module Scimitar
           record = self.find_record(record_id)
           record.from_scim_patch!(patch_hash: patch_hash)
           self.save!(record)
-          record_to_scim(record)
+          record.to_scim(location: url_for(action: :show, id: record.id))
         end
       end
     end
@@ -140,26 +137,13 @@ module Scimitar
       # +record_id+:: Record ID (SCIM schema 'id' value - "our" ID).
       #
       def find_record(record_id)
-        self.storage_scope().find_by!(@id_column => record_id)
-      end
-
-      # DRY up controller actions - pass a record; returns the SCIM
-      # representation, with a "show" location specified via #url_for.
-      #
-      def record_to_scim(record)
-        record.to_scim(location: url_for(action: :show, id: record.send(@id_column)))
+        self.storage_scope().find(record_id)
       end
 
       # Save a record, dealing with validation exceptions by raising SCIM
       # errors.
       #
-      # +record+:: ActiveRecord subclass to save.
-      #
-      # If you just let this superclass handle things, it'll call the standard
-      # +#save!+ method on the record. If you pass a block, then this block is
-      # invoked and passed the ActiveRecord model instance to be saved. You can
-      # then do things like calling a different method, using a service object
-      # of some kind, perform audit-related operations and so-on.
+      # +record+:: ActiveRecord subclass to save (via #save!).
       #
       # The return value is not used internally, making life easier for
       # overriding subclasses to "do the right thing" / avoid mistakes (instead
@@ -167,22 +151,10 @@ module Scimitar
       # and relying upon this to generate correct response payloads - an early
       # version of the gem did this and it caused a confusing subclass bug).
       #
-      def save!(record, &block)
-        if block_given?
-          yield(record)
-        else
-          record.save!
-        end
-      rescue ActiveRecord::RecordInvalid => exception
-        handle_invalid_record(exception.record)
-      end
+      def save!(record)
+        record.save!
 
-      # Deal with validation errors by responding with an appropriate SCIM
-      # error.
-      #
-      # +record+:: The record with validation errors.
-      #
-      def handle_invalid_record(record)
+      rescue ActiveRecord::RecordInvalid => exception
         joined_errors = record.errors.full_messages.join('; ')
 
         # https://tools.ietf.org/html/rfc7644#page-12
@@ -204,16 +176,5 @@ module Scimitar
         end
       end
 
-      # Called via +before_action+ - stores in @id_column the name of whatever
-      # model column is used to store the record ID, via
-      # Scimitar::Resources::Mixin::scim_attributes_map.
-      #
-      # Default is <tt>:id</tt>.
-      #
-      def obtain_id_column_name_from_attribute_map
-        attrs      = storage_class().scim_attributes_map() || {}
-        @id_column = attrs[:id] || :id
-      end
-
   end
 end

data/app/controllers/scimitar/application_controller.rb

@@ -25,11 +25,10 @@ module Scimitar
       #
       # ...to "globally" invoke this handler if you wish.
       #
-      # +exception+:: Exception instance, used for a configured error reporter
-      #               via #handle_scim_error (if present).
+      # +_exception+:: Exception instance (currently unused).
       #
-      def handle_resource_not_found(exception)
-        handle_scim_error(NotFoundError.new(params[:id]), exception)
+      def handle_resource_not_found(_exception)
+        handle_scim_error(NotFoundError.new(params[:id]))
       end
 
       # This base controller uses:
@@ -39,22 +38,9 @@ module Scimitar
       # ...to "globally" invoke this handler for all Scimitar errors (including
       # subclasses).
       #
-      # Mandatory parameters are:
-      #
       # +error_response+:: Scimitar::ErrorResponse (or subclass) instance.
       #
-      # Optional parameters are:
-      #
-      # *exception+:: If a Ruby exception was the reason this method is being
-      #               called, pass it here. Any configured exception reporting
-      #               mechanism will be invokved with the given parameter.
-      #               Otherwise, the +error_response+ value is reported.
-      #
-      def handle_scim_error(error_response, exception = error_response)
-        unless Scimitar.engine_configuration.exception_reporter.nil?
-          Scimitar.engine_configuration.exception_reporter.call(exception)
-        end
-
+      def handle_scim_error(error_response)
         render json: error_response, status: error_response.status
       end
 
@@ -69,7 +55,7 @@ module Scimitar
       # +exception+:: Exception instance.
       #
       def handle_bad_json_error(exception)
-        handle_scim_error(ErrorResponse.new(status: 400, detail: "Invalid JSON - #{exception.message}"), exception)
+        handle_scim_error(ErrorResponse.new(status: 400, detail: "Invalid JSON - #{exception.message}"))
       end
 
       # This base controller uses:
@@ -82,7 +68,7 @@ module Scimitar
       #
       def handle_unexpected_error(exception)
         Rails.logger.error("#{exception.message}\n#{exception.backtrace}")
-        handle_scim_error(ErrorResponse.new(status: 500, detail: exception.message), exception)
+        handle_scim_error(ErrorResponse.new(status: 500, detail: exception.message))
       end
 
     # =========================================================================
@@ -96,17 +82,12 @@ module Scimitar
       # request and subclass processing.
       #
       def require_scim
-        scim_mime_type = Mime::Type.lookup_by_extension(:scim).to_s
-
-        if request.media_type.nil? || request.media_type.empty?
-          request.format = :scim
-          request.headers['CONTENT_TYPE'] = scim_mime_type
-        elsif request.media_type.downcase == scim_mime_type
+        if request.content_type&.downcase == Mime::Type.lookup_by_extension(:scim).to_s
           request.format = :scim
         elsif request.format == :scim
-          request.headers['CONTENT_TYPE'] = scim_mime_type
+          request.headers['CONTENT_TYPE'] = Mime::Type.lookup_by_extension(:scim).to_s
         else
-          handle_scim_error(ErrorResponse.new(status: 406, detail: "Only #{scim_mime_type} type is accepted."))
+          handle_scim_error(ErrorResponse.new(status: 406, detail: "Only #{Mime::Type.lookup_by_extension(:scim)} type is accepted."))
         end
       end
 
@@ -124,13 +105,8 @@ module Scimitar
         #
         # https://stackoverflow.com/questions/10239970/what-is-the-delimiter-for-www-authenticate-for-multiple-schemes
         #
-        response.set_header('WWW-Authenticate', 'Basic' ) if Scimitar.engine_configuration.basic_authenticator.present?
-        response.set_header('WWW-Authenticate', 'Bearer') if Scimitar.engine_configuration.token_authenticator.present?
-
-        # No matter what a caller might request via headers, the only content
-        # type we can ever respond with is JSON-for-SCIM.
-        #
-        response.set_header('Content-Type', "#{Mime::Type.lookup_by_extension(:scim)}; charset=utf-8")
+        response.set_header('WWW_AUTHENTICATE', 'Basic' ) if Scimitar.engine_configuration.basic_authenticator.present?
+        response.set_header('WWW_AUTHENTICATE', 'Bearer') if Scimitar.engine_configuration.token_authenticator.present?
       end
 
       def authenticate

data/app/controllers/scimitar/schemas_controller.rb

@@ -4,11 +4,6 @@ module Scimitar
   class SchemasController < ApplicationController
     def index
       schemas = Scimitar::Engine.schemas
-
-      schemas.each do |schema|
-        schema.meta.location = scim_schemas_url(name: schema.id)
-      end
-
       schemas_by_id = schemas.reduce({}) do |hash, schema|
         hash[schema.id] = schema
         hash

data/app/models/scimitar/engine_configuration.rb

@@ -7,23 +7,15 @@ module Scimitar
   class EngineConfiguration
     include ActiveModel::Model
 
-    attr_accessor(
-      :uses_defaults,
-      :basic_authenticator,
-      :token_authenticator,
-      :application_controller_mixin,
-      :exception_reporter,
-      :optional_value_fields_required,
-    )
+    attr_accessor :basic_authenticator,
+                  :token_authenticator,
+                  :application_controller_mixin
 
     def initialize(attributes = {})
-      @uses_defaults = attributes.empty?
 
-      # Set defaults that may be overridden by the initializer.
+      # No defaults yet - reserved for future use.
       #
-      defaults = {
-        optional_value_fields_required: true
-      }
+      defaults = {}
 
       super(defaults.merge(attributes))
     end

data/app/models/scimitar/error_response.rb

@@ -16,17 +16,5 @@ module Scimitar
       data['scimType'] = scimType if scimType
       data
     end
-
-    # Originally Scimitar used attribute "detail" for exception text; it was
-    # only for JSON responses at the time, but in hindsight was a bad choice.
-    # It should have been "message" given inheritance from StandardError, which
-    # then works properly with e.g. error reporting services.
-    #
-    # The "detail" attribute is still present, for backwards compatibility with
-    # any client code that might be using this class.
-    #
-    def message
-      self.detail
-    end
   end
 end

data/app/models/scimitar/lists/query_parser.rb

@@ -78,7 +78,7 @@ module Scimitar
       #                   method's return value here.
       #
       def initialize(attribute_map)
-        @attribute_map = attribute_map.with_indifferent_case_insensitive_access()
+        @attribute_map = attribute_map
       end
 
       # Parse SCIM filter query into RPN stack
@@ -192,7 +192,7 @@ module Scimitar
 
             ast.push(self.start_group? ? self.parse_group() : self.pop())
 
-            if ast.last.is_a?(String) && !UNARY_OPERATORS.include?(ast.last.downcase) || ast.last.is_a?(Array)
+            unless ! ast.last.is_a?(String) || UNARY_OPERATORS.include?(ast.last.downcase)
               expect_op ^= true
             end
           end
@@ -601,27 +601,12 @@ module Scimitar
           column_names   = self.activerecord_columns(scim_attribute)
           value          = self.activerecord_parameter(scim_parameter)
           value_for_like = self.sql_modified_value(scim_operator, value)
-          arel_columns   = column_names.map do |column|
-            if base_scope.model.column_names.include?(column.to_s)
-              arel_table[column]
-            elsif column.is_a?(Arel::Attribute)
-              column
-            end
-          end
-
-          raise Scimitar::FilterError unless arel_columns.all?
+          all_supported  = column_names.all? { | column_name | base_scope.model.column_names.include?(column_name.to_s) }
 
-          unless case_sensitive
-            lc_scim_attribute = scim_attribute.downcase()
-
-            case_sensitive = (
-              lc_scim_attribute == 'id' ||
-              lc_scim_attribute == 'externalid' ||
-              lc_scim_attribute.start_with?('meta.')
-            )
-          end
+          raise Scimitar::FilterError unless all_supported
 
-          arel_columns.each.with_index do | arel_column, index |
+          column_names.each.with_index do | column_name, index |
+            arel_column    = arel_table[column_name]
             arel_operation = case scim_operator
               when 'eq'
                 if case_sensitive
@@ -646,9 +631,9 @@ module Scimitar
               when 'co', 'sw', 'ew'
                 arel_column.matches(value_for_like, nil, case_sensitive)
               when 'pr'
-                arel_column.relation.grouping(arel_column.not_eq_all(['', nil]))
+                arel_table.grouping(arel_column.not_eq_all(['', nil]))
               else
-                raise Scimitar::FilterError.new("Unsupported operator: '#{scim_operator}'")
+                raise Scimitar::FilterError
             end
 
             if index == 0
@@ -671,10 +656,10 @@ module Scimitar
         # +scim_attribute+:: SCIM attribute from a filter string.
         #
         def activerecord_columns(scim_attribute)
-          raise Scimitar::FilterError.new("No scim_attribute provided") if scim_attribute.blank?
+          raise Scimitar::FilterError if scim_attribute.blank?
 
           mapped_attribute = self.attribute_map()[scim_attribute]
-          raise Scimitar::FilterError.new("Unable to find domain attribute from SCIM attribute: '#{scim_attribute}'") if mapped_attribute.blank?
+          raise Scimitar::FilterError if mapped_attribute.blank?
 
           if mapped_attribute[:ignore]
             return []

data/app/models/scimitar/resources/base.rb

@@ -112,7 +112,7 @@ module Scimitar
       end
 
       def self.complex_scim_attributes
-        schemas.flat_map(&:scim_attributes).select(&:complexType).group_by(&:name)
+        schema.scim_attributes.select(&:complexType).group_by(&:name)
       end
 
       def complex_type_from_hash(scim_attribute, attr_value)
@@ -138,24 +138,14 @@ module Scimitar
       end
 
       def as_json(options = {})
-        self.meta = Meta.new unless self.meta && self.meta.is_a?(Meta)
-        self.meta.resourceType = self.class.resource_type_id
-
-        non_returnable_attributes = self.class
-          .schemas
-          .flat_map(&:scim_attributes)
-          .filter_map { |attribute| attribute.name if attribute.returned == 'never' }
-
-        non_returnable_attributes << 'errors'
-
-        original_hash = super(options).except(*non_returnable_attributes)
+        self.meta = Meta.new unless self.meta
+        meta.resourceType = self.class.resource_type_id
+        original_hash = super(options).except('errors')
         original_hash.merge!('schemas' => self.class.schemas.map(&:id))
-
         self.class.extended_schemas.each do |extension_schema|
           extension_attributes = extension_schema.scim_attributes.map(&:name)
           original_hash.merge!(extension_schema.id => original_hash.extract!(*extension_attributes))
         end
-
         original_hash
       end
 

data/app/models/scimitar/resources/mixin.rb

@@ -220,8 +220,13 @@ module Scimitar
     # allow for different client searching "styles", given ambiguities in RFC
     # 7644 filter examples).
     #
-    # Each value is a hash of queryable SCIM attribute options, described
-    # below - for example:
+    # Each value is a Hash with Symbol keys ':column', naming just one simple
+    # column for a mapping; ':columns', with an Array of column names that you
+    # want to map using 'OR' for a single search on the corresponding SCIM
+    # attribute; or ':ignore' with value 'true', which means that a fitler on
+    # the matching attribute is ignored rather than resulting in an "invalid
+    # filter" exception - beware possibilities for surprised clients getting a
+    # broader result set than expected. Example:
     #
     #     def self.scim_queryable_attributes
     #       return {
@@ -229,27 +234,10 @@ module Scimitar
     #         'name.familyName' => { column: :last_name  },
     #         'emails'          => { columns: [ :work_email_address, :home_email_address ] },
     #         'emails.value'    => { columns: [ :work_email_address, :home_email_address ] },
-    #         'emails.type'     => { ignore: true },
-    #         'groups.value'    => { column: Group.arel_table[:id] }
+    #         'emails.type'     => { ignore: true }
     #       }
     #     end
     #
-    # Column references can be either a Symbol representing a column within
-    # the resource model table, or an <tt>Arel::Attribute</tt> instance via
-    # e.g. <tt>MyModel.arel_table[:my_column]</tt>.
-    #
-    # === Queryable SCIM attribute options
-    #
-    # +:column+::  Just one simple column for a mapping.
-    #
-    # +:columns+:: An Array of columns that you want to map using 'OR' for a
-    #              single search of the corresponding entity.
-    #
-    # +:ignore+::  When set to +true+, the matching attribute is ignored rather
-    #              than resulting in an "invalid filter" exception. Beware
-    #              possibilities for surprised clients getting a broader result
-    #              set than expected, since a constraint may have been ignored.
-    #
     # Filtering is currently limited and searching within e.g. arrays of data
     # is not supported; only simple top-level keys can be mapped.
     #
@@ -418,11 +406,8 @@ module Scimitar
         def from_scim_patch!(patch_hash:)
           frozen_ci_patch_hash = patch_hash.with_indifferent_case_insensitive_access().freeze()
           ci_scim_hash         = self.to_scim(location: '(unused)').as_json().with_indifferent_case_insensitive_access()
-          operations           = frozen_ci_patch_hash['operations']
-
-          raise Scimitar::InvalidSyntaxError.new("Missing PATCH \"operations\"") unless operations
 
-          operations.each do |operation|
+          frozen_ci_patch_hash['operations'].each do |operation|
             nature   = operation['op'   ]&.downcase
             path_str = operation['path' ]
             value    = operation['value']
@@ -458,30 +443,9 @@ module Scimitar
               ci_scim_hash = { 'root' => ci_scim_hash }.with_indifferent_case_insensitive_access()
             end
 
-            # Handle extension schema. Contributed by @bettysteger and
-            # @MorrisFreeman via:
-            #
-            #   https://github.com/RIPAGlobal/scimitar/issues/48
-            #   https://github.com/RIPAGlobal/scimitar/pull/49
-            #
-            # Note the ":" separating the schema ID (URN) from the attribute.
-            # The nature of JSON rendering / other payloads might lead you to
-            # expect a "." as with any complex types, but that's not the case;
-            # see https://tools.ietf.org/html/rfc7644#section-3.10, or
-            # https://tools.ietf.org/html/rfc7644#section-3.5.2 of which in
-            # particular, https://tools.ietf.org/html/rfc7644#page-35.
-            #
-            paths = []
-            self.class.scim_resource_type.extended_schemas.each do |schema|
-              path_str.downcase.split(schema.id.downcase + ':').drop(1).each do |path|
-                paths += [schema.id] + path.split('.')
-              end
-            end
-            paths = path_str.split('.') if paths.empty?
-
             self.from_patch_backend!(
               nature:        nature,
-              path:          paths,
+              path:          (path_str || '').split('.'),
               value:         value,
               altering_hash: ci_scim_hash
             )
@@ -652,19 +616,7 @@ module Scimitar
                 attrs_map_or_leaf_value.each do | scim_attribute, sub_attrs_map_or_leaf_value |
                   next if scim_attribute&.to_s&.downcase == 'id' && path.empty?
 
-                  # Handle extension schema. Contributed by @bettysteger and
-                  # @MorrisFreeman via:
-                  #
-                  #   https://github.com/RIPAGlobal/scimitar/issues/48
-                  #   https://github.com/RIPAGlobal/scimitar/pull/49
-                  #
-                  attribute_tree = []
-                  resource_class.extended_schemas.each do |schema|
-                    attribute_tree << schema.id and break if schema.scim_attributes.any? { |attribute| attribute.name == scim_attribute.to_s }
-                  end
-                  attribute_tree << scim_attribute.to_s
-
-                  sub_scim_hash_or_leaf_value = scim_hash_or_leaf_value&.dig(*attribute_tree)
+                  sub_scim_hash_or_leaf_value = scim_hash_or_leaf_value&.dig(scim_attribute.to_s)
 
                   self.from_scim_backend!(
                     attrs_map_or_leaf_value: sub_attrs_map_or_leaf_value,
@@ -949,86 +901,10 @@ module Scimitar
                   else
                     altering_hash[path_component] = value
                   end
-
                 when 'replace'
-                  if path_component == 'root'
-                    altering_hash[path_component].merge!(value)
-                  else
-                    altering_hash[path_component] = value
-                  end
-
-                # The array check handles payloads seen from e.g. Microsoft for
-                # remove-user-from-group, where contrary to examples in the RFC
-                # which would imply "payload removes all users", there is the
-                # clear intent to remove just one.
-                #
-                # https://tools.ietf.org/html/rfc7644#section-3.5.2.2
-                # https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#update-group-remove-members
-                #
-                # Since remove-all in the face of remove-one is destructive, we
-                # do a special check here to see if there's an array value for
-                # the array path that the payload yielded. If so, we can match
-                # each value against array items and remove just those items.
-                #
-                # There is an additional special case to handle a bad example
-                # from Salesforce:
-                #
-                #   https://help.salesforce.com/s/articleView?id=sf.identity_scim_manage_groups.htm&type=5
-                #
+                  altering_hash[path_component] = value
                 when 'remove'
-                  if altering_hash[path_component].is_a?(Array) && value.present?
-
-                    # Handle bad Salesforce example. That might be simply a
-                    # documentation error, but just in case...
-                    #
-                    value = value.values.first if (
-                      path_component&.downcase == 'members' &&
-                      value.is_a?(Hash)                     &&
-                      value.keys.size == 1                  &&
-                      value.keys.first&.downcase == 'members'
-                    )
-
-                    # The Microsoft example provides an array of values, but we
-                    # may as well cope with a value specified 'flat'. Promote
-                    # such a thing to an Array to simplify the following code.
-                    #
-                    value = [value] unless value.is_a?(Array)
-
-                    # For each value item, delete matching array entries. The
-                    # concept of "matching" is:
-                    #
-                    # * For simple non-Hash values (if possible) just delete on
-                    #   an exact match
-                    #
-                    # * For Hash-based values, only delete if all 'patch' keys
-                    #   are present in the resource and all values thus match.
-                    #
-                    # Special case to ignore '$ref' from the Microsoft payload.
-                    #
-                    # Note coercion to strings to account for SCIM vs the usual
-                    # tricky case of underlying implementations with (say)
-                    # integer primary keys, which all end up as strings anyway.
-                    #
-                    value.each do | value_item |
-                      altering_hash[path_component].delete_if do | item |
-                        if item.is_a?(Hash) && value_item.is_a?(Hash)
-                          matched_all = true
-                          value_item.each do | value_key, value_value |
-                            next if value_key == '$ref'
-                            if ! item.key?(value_key) || item[value_key]&.to_s != value_value&.to_s
-                              matched_all = false
-                            end
-                          end
-                          matched_all
-                        else
-                          item&.to_s == value_item&.to_s
-                        end
-                      end
-                    end
-                  else
-                    altering_hash.delete(path_component)
-                  end
-
+                  altering_hash.delete(path_component)
               end
             end
           end

data/app/models/scimitar/schema/address.rb

@@ -10,7 +10,6 @@ module Scimitar
       def self.scim_attributes
         @scim_attributes ||= [
           Attribute.new(name: 'type',          type: 'string'),
-          Attribute.new(name: 'primary',       type: 'boolean'),
           Attribute.new(name: 'formatted',     type: 'string'),
           Attribute.new(name: 'streetAddress', type: 'string'),
           Attribute.new(name: 'locality',      type: 'string'),

data/app/models/scimitar/schema/attribute.rb

@@ -93,23 +93,14 @@ module Scimitar
       end
 
       def valid_simple_type?(value)
-        if multiValued
-          valid = value.is_a?(Array) && value.all? { |v| simple_type?(v) }
-          errors.add(self.name, "or one of its elements has the wrong type. It has to be an array of #{self.type}s.") unless valid
-        else
-          valid = simple_type?(value)
-          errors.add(self.name, "has the wrong type. It has to be a(n) #{self.type}.") unless valid
-        end
+        valid = (type == 'string' && value.is_a?(String)) ||
+          (type == 'boolean' && (value.is_a?(TrueClass) || value.is_a?(FalseClass))) ||
+          (type == 'integer' && (value.is_a?(Integer))) ||
+          (type == 'dateTime' && valid_date_time?(value))
+        errors.add(self.name, "has the wrong type. It has to be a(n) #{self.type}.") unless valid
         valid
       end
 
-      def simple_type?(value)
-        (type == 'string' && value.is_a?(String)) ||
-        (type == 'boolean' && (value.is_a?(TrueClass) || value.is_a?(FalseClass))) ||
-        (type == 'integer' && (value.is_a?(Integer))) ||
-        (type == 'dateTime' && valid_date_time?(value))
-      end
-
       def valid_date_time?(value)
         !!Time.iso8601(value)
       rescue ArgumentError

data/app/models/scimitar/schema/base.rb

@@ -13,7 +13,7 @@ module Scimitar
 
       # Converts the schema to its json representation that will be returned by /SCHEMAS end-point of a SCIM service provider.
       def as_json(options = {})
-        @meta.location ||= Scimitar::Engine.routes.url_helpers.scim_schemas_path(name: id)
+        @meta.location = Scimitar::Engine.routes.url_helpers.scim_schemas_path(name: id)
         original = super
         original.merge('attributes' => original.delete('scim_attributes'))
       end

data/app/models/scimitar/schema/vdtp.rb

@@ -7,7 +7,7 @@ module Scimitar
     class Vdtp < Base
       def self.scim_attributes
         @scim_attributes ||= [
-          Attribute.new(name: 'value',   type: 'string', required: Scimitar.engine_configuration.optional_value_fields_required),
+          Attribute.new(name: 'value',   type: 'string', required: true),
           Attribute.new(name: 'display', type: 'string', mutability: 'readOnly'),
           Attribute.new(name: 'type',    type: 'string'),
           Attribute.new(name: 'primary', type: 'boolean'),